tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: ipf/ipnat ftp proxy mode for server side?
On Thu, Dec 1, 2011, at 12:14 AM, Edgar Fuß wrote:
> > rdr bge0 1.2.3.4/32 port ftp -> 1.2.3.4 port ftp tcp proxy ftp
> Sorry, I don't get that. Could you explain how it works?
> Is that 1.2.3.4 supposed to be the IP of my FTP server? On both sides?
> Shouldn't the rule involve the ftp-data port?
Yes, the 1.2.3.4 is supposed to be the IP address of your FTP server
and "bge0" would be the network interface that is on the "other side
of the firewall" to the FTP server (the inteface into which FTP SYN
packets are first seen by the firewall when people want to connect
to the ftp srver.)
You should only need the one rule and no, it does not need to involve
the ftp-data port. That is managed by the in-kernel proxy.
Darren
Home |
Main Index |
Thread Index |
Old Index