Hi all,

The scenario: bridge-based PF box with ftpsesame. OpenBSD 4.2, production environment. A lot of concurrent FTP sessions.

1. The final goal is to make active and passive FTP client connections possible AND to do it with the best performance (using symon I see that the ftpsesame processes are sometimes slow).

At the moment, I use the following rules:

# FTP passive
anchor "ftpsesame/*" in on $bridge proto tcp from any to <ftp_servers>
anchor "ftpsesame/*" out on $bridge proto tcp from any to <ftp_servers>

# FTP active
anchor "ftpsesame/*" in on $bridge proto tcp from <ftp_servers> to any
anchor "ftpsesame/*" out on $bridge proto tcp from <ftp_servers> to any

pass quick on $bridge inet proto tcp from any to <ftp_servers> port 21

I don't want to control any outbound connection (indeed I've a nice 'pass quick all' rule), so... are these rules the best with regard to performance?

2. ftpsesame works fine, great app. I see it's a 0.95 version... and this version was made for OpenBSD 3.6. I suppose the program has not changed because the treatment of anchors is the same in 3.6 as in 4.2/4.3. Am I right? Currently I use ftpsesame in a production environment, so it will be very unpleasant to upgrade from 4.2 to 4.3 and discover that ftpsesame does not work...

Is ftpsesame actively developed/supported nowadays?
