
ftp-proxy and pf



After reading the FTP RFCs (959 and 1123) I don't understand
how ftp-proxy can work without support of pf, and any
ftp client that works in active mode with the current ftp-proxy
is in violation of these RFCs.
In particular, section 3.2 of RFC 949 and 4.1.2.12 of RFC 1123
together say that the data from an active ftp connection
must come from port ftp-data and the IP address of the
control channel (i.e. the IP address of the ftp open command).
pf needs to be involved because ftp-proxy could rewrite the
IP address and port of the data connection before sending it
on to the ftp client, but without pf redirecting the
return packets, ftp-proxy would not see answering packets
from the client on the data connection.