On Fri, Jul 12, 2002 at 09:59:04AM +0000, SB CH wrote:
> I would like to forward ftp request to other server's other port to improve
> the security. Is it possible?

Quite possibly. You know there are two ports involved with ftp; what you may not know is that there are two different methods of using the two ports. One method is known as active, the other is known as passive.

In active mode, the client provides an ip/port pair for the server to connect to. With more and more clients behind firewalls, or worse yet, NAT boxes, clients are more typically unable to use active mode.

In passive mode, the server provides an ip/port for the client to connect to. This normally works, since the ftp server has a real IP address, and its firewall ruleset will allow connections to the port range used for the data connections.

If you are going to use NAT to redirect ftp, then your clients will either need to use active mode (not possible for many clients) or your ftp will need to work very closely with the NAT firewall.

The only system that I know that can do this is ftp-proxy in OpenBSD. It is closely tied to the firewall, so porting it to Linux might be a fair bit of work.

--
http://www.wirex.com/
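
Added example (not part of the original message, and not code from ftp-proxy): the ip/port pair described above travels inside the control connection, in the PORT command for active mode and in the 227 reply for passive mode, so a NAT box that redirects ftp has to rewrite that pair and install a matching redirect for the data connection. The function names and all addresses below are assumptions made for illustration.

```python
import re

# "h1,h2,h3,h4,p1,p2": the endpoint format of PORT and of the 227 reply to PASV
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (ip, port) carried by a PORT command or 227 reply, else None."""
    verb = line.split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def format_endpoint(ip, port):
    """Encode ip/port back into the comma-separated form."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


def nat_fixup(line, public_ip, public_port):
    """Rewrite the endpoint in a control-channel line crossing the NAT box.

    Returns (line_to_forward, mapping). mapping is the data-connection
    redirect the firewall has to install, (public_ip, public_port,
    inner_ip, inner_port), or None when the line carries no endpoint.
    """
    inner = parse_endpoint(line)
    if inner is None:
        return line, None
    fixed = _HOSTPORT.sub(format_endpoint(public_ip, public_port), line, count=1)
    return fixed, (public_ip, public_port, inner[0], inner[1])


if __name__ == "__main__":
    # Constructed control-channel lines; all addresses are sample values.
    for sample in ("230 Login successful.",
                   "227 Entering Passive Mode (10,0,0,5,195,80)",
                   "PORT 192,168,1,20,4,1"):
        print(nat_fixup(sample, "203.0.113.10", 50001))
```

Without the rewrite, the client in the passive-mode sample would try to open its data connection to 10.0.0.5, an address it cannot reach from outside the NAT.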