Hi,
I am protecting IPv6 FTP server in my LAN with PF firewall.
I have two options:
1.
pass out inet6 proto tcp to {XXX:XXX::XXX:XX } port 21
pass out inet6 proto tcp to {XXX:XXX::XXX:XX } port > 1024
2.
anchor "ftp-proxy/*"
pass in inet6 proto tcp to XXX:XXX::XXX:XX port 21 divert-to ::1 port 8021
Option 1 leaves open ports > 1024.
Option 2 rewrites client address to my firewall address.
I know that FTP is dead, but does anyone know a solution for that?
I have found post from 2011 about ftp-proxy being ready for transparent
mode:
http://marc.info/?l=openbsd-tech&m=130219958807458&w=1
Any progress?
Lukasz
