On Fri, 26 May 2006, Gaby vanhegan wrote: > I see. What about running them on separate IP addresses (both still > on the same machine)? Or do they need to be on different physical > interfaces? Should I use a separate package, such as ftpsesame? Is > there any way round this problem?
Using rules with "user" and/or "group" is the only robust solution to this problem. ftpsesame may work but is raceable, especially if you run it on the same machine as the server. With raceable I mean that it may add a pass rule too late. (but if you only need it to make passive mode work, it's probably alright: the clients on the internet don't react that fast) > I'm curious though, what prevents them from being run on the same > machine? The NAT rules that ftp-proxy adds to the anchors don't work properly in this case. -- Cam