diff options
Diffstat (limited to 'contrib/pf/ftp-proxy/ftp-proxy.8')
| -rw-r--r-- | contrib/pf/ftp-proxy/ftp-proxy.8 | 45 |
1 files changed, 33 insertions, 12 deletions
diff --git a/contrib/pf/ftp-proxy/ftp-proxy.8 b/contrib/pf/ftp-proxy/ftp-proxy.8 index 3fb0c4d..db043cd 100644 --- a/contrib/pf/ftp-proxy/ftp-proxy.8 +++ b/contrib/pf/ftp-proxy/ftp-proxy.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ftp-proxy.8,v 1.37 2003/09/05 12:27:47 jmc Exp $ +.\" $OpenBSD: ftp-proxy.8,v 1.40 2004/03/16 08:50:07 jmc Exp $ .\" .\" Copyright (c) 1996-2001 .\" Obtuse Systems Corporation, All rights reserved. @@ -38,10 +38,11 @@ .Sh SYNOPSIS .Nm ftp-proxy .Op Fl AnrVw +.Op Fl a Ar address .Op Fl D Ar debuglevel .Op Fl g Ar group -.Op Fl m Ar minport .Op Fl M Ar maxport +.Op Fl m Ar minport .Op Fl t Ar timeout .Op Fl u Ar user .Sh DESCRIPTION @@ -67,6 +68,26 @@ or .Qq anonymous only. Any attempt to log in as another user will be blocked by the proxy. +.It Fl a Ar address +Specify the local IP address to use in +.Xr bind 2 +as the source for connections made by +.Nm ftp-proxy +when connecting to destination FTP servers. +This may be necessary if the interface address of +your default route is not reachable from the destinations +.Nm +is attempting connections to, or this address is different from the one +connections are being NATed to. +In the usual case this means that +.Ar address +should be a publicly visible IP address assigned to one of +the interfaces on the machine running +.Nm +and should be the same address to which you are translating traffic +if you are using the +.Fl n +option. .It Fl D Ar debuglevel Specify a debug level, where the proxy emits verbose debug output into @@ -82,14 +103,6 @@ lookups which require root. By default, .Nm uses the default group of the user it drops privilege to. -.It Fl m Ar minport -Specify the lower end of the port range the proxy will use for all -data connections it establishes. -The default is -.Dv IPPORT_HIFIRSTAUTO -defined in -.Aq Pa netinet/in.h -as 49152. .It Fl M Ar maxport Specify the upper end of the port range the proxy will use for the data connections it establishes. @@ -98,6 +111,14 @@ The default is defined in .Aq Pa netinet/in.h as 65535. +.It Fl m Ar minport +Specify the lower end of the port range the proxy will use for all +data connections it establishes. +The default is +.Dv IPPORT_HIFIRSTAUTO +defined in +.Aq Pa netinet/in.h +as 49152. .It Fl n Activate network address translation .Pq NAT @@ -175,8 +196,8 @@ A typical way to do this would be to use a .Xr pf.conf 5 rule such as .Bd -literal -offset 2n -int_if = xl0 -rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021 +int_if = \&"xl0\&" +rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021 .Ed .Pp .Xr inetd 8 |
