Craig Holmes wrote:
>
> Note that if your firewall is NAT, and your ftp server is on an internal
> computer, and you attempt to forward the port using a program such as
> ipmasqadm, it will not work.

I've successfully used the FTP proxy from SuSE for this task:

        ftp://ftp.suse.com/pub/projects/proxy-suite/

Here's an excerpt from its man page:

FTP-Proxy acts as an application level gateway between FTP clients
and servers. Its main purpose is to secure local FTP servers
against possibly insecure clients or malicious attacks. FTP-Proxy
is believed to be immune against current known attacks based on the FTP
protocol.

FTP-Proxy can be started from the inetd (or xinetd, or any other)
internet super daemon or executed on its own as a standalone
daemon, in which case it will fork child processes to handle
connections. The behaviour depends on the ftp-proxy.conf(5)
configuration option ServerType or the -i and -d command line
switches, where the latter two take precedence.

FTP-Proxy features a rich set of auditing and command restriction
capabilities and is specifically suited for deployment in firewall
environments.

You don't need to be running a SuSE distribution; the package compiles
with ./configure; make install.

Peter

PS: I hate lists where replies go to the poster and not the list!

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]