Re: ipf/ipnat ftp proxy mode for server side?

On Fri, 25 Nov 2011 19:51:22 +0100
Edgar Fuß <> wrote:

> Suppose I have an FTP server behind a IPF firewall.
> Is there an IPNAT proxy mode for /incoming/ passive-mode FTP connections?
> I.e. is there a more intelligent way to allow passive mode than giving a 
> portrange in ftpd.conf and a corresponding port >< rule in ipf.conf?

I used to use a custom userland daemon to proxy FTP connections from
the firewall to my FTP server, however what I'm doing since a few years
is what you're describing (as well as having an HTTPd point to the same
public directory for convenience).

pkgsrc's ftpproxy seems to be one similar FTP proxy daemon to what I
was using though.  Another alternative is ftp-proxy(8) but which works
with pf(4), not ipf(4) (I have no experience with ftp-proxy(8)

