It uses a lot of CPU you mean?  Do you have a lot of activity on port
21?  (lots of small transfers maybe?).

Yes, it means a lot of CPU. Indeed, I've seen 90% 'interrupt' according to the symon graphs.

Note that ftpsesame doesn't have anything to do with the actual FTP data
transfers, it just takes care to insert PF rules that allow those;
after that it is all kernel.

Ok.

At the present moment, I use the following rules:

# FTP passive
anchor "ftpsesame/*" in on $bridge proto tcp from any to <ftp_servers>
anchor "ftpsesame/*" out on $bridge proto tcp from any to <ftp_servers>

# FTP active
anchor "ftpsesame/*" in on $bridge proto tcp from <ftp_servers> to any
anchor "ftpsesame/*" out on $bridge proto tcp from <ftp_servers> to any

pass quick on $bridge inet proto tcp from any to <ftp_servers> port 21

I don't want to control any outbound connection (indeed I've a nice
'pass quick all' rule), so... are these rules the best in relation to
performance issues?

That's all fine.

Ok. Maybe putting the 'pass...' rule on top will increase the performance...?

pass quick on $bridge inet proto tcp from any to <ftp_servers> port 21

anchor "ftpsesame/*" in on $bridge proto tcp from any to <ftp_servers>
anchor "ftpsesame/*" out on $bridge proto tcp from any to <ftp_servers>

anchor "ftpsesame/*" in on $bridge proto tcp from <ftp_servers> to any
anchor "ftpsesame/*" out on $bridge proto tcp from <ftp_servers> to any

Should work, if it doesn't contact me.  :-)   I can vouch for OpenBSD 4.0.

Well, also in 4.1 and 4.2. So, it should also be in 4.3. Great.

Is ftpsesame actively developed/supported nowadays?

Sure, but it has not been needed the last 3 years...

Great to hear. It means that ftpsesame is rock solid and its code and design are reliable.

One more time, many thanks Camiel.
