Proftpd server passive requests
Dan Shoop
shoop at iwiring.net
Sun Mar 28 19:40:34 PST 2004
At 5:25 PM -0500 3/28/04, Richard Peskin wrote:
>I would be interested in learning of anyone's experience using
>ProFTPD 1.2.9 with IPFIlter "on" under a 10.3.3 Panther server. My
>experience is as follows:
>1. With IPFiltering off, ProFTPD handles passive (really EPSV)
>requests correctly.
>2. With IPFiltering on passive requests cause the server to stall,
>and perhaps drop the connection. (An ipfw rule to send incoming port
>20,21 requests to a range of non-critical ports is normally used for
>passive requests.)
Well this isn't a good way to handle filtering for passive FTP, and
you can see why.
>So far the only way around this problem I can see is to use a
>hardware firewall and not use IPFiltering on the server.
Many of us have been expounding that over and over and over...
A Mac does not make a good firewall.
--
-dhan
------------------------------------------------------------------------
Dan Shoop shoop at iwiring.net
Consulting Internet Architect shoop at mac.com
AIM: iWiring http://www.iwiring.net/
pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B
iWiring designs and supports Internet systems and networks based on
Mac OS X, unix, and Open Source application technologies and offers
24x7, guaranteed support to registered clients, at affordable rates.
More information about the MacOSX-admin
mailing list