| What? (Or pardon, as we make my son say instead of what? ...)
There is absolutely no way that the generic relay can handle ftp. There never
will be such a way. The problem with ftp is that it is a complex protocol, in
which the server makes a reverse connection to the client to handle any larger
amount of data, such as a file transfer.
We have one customer that has used the generic relay to handle http - he
insisted on having his public web servers on that internal network, and he uses
the generic relay to carry the traffic inside the firewall. This particular
application, at least, is a mess, and I would strongly encourage any customer
away from this idea.
Both firewall products - indeed all the AltaVista firewall products (did you
know there are now 6 of them?) - have a WWW proxy that can handle outgoing http,
ftp, gopher, wais, https and snews requests from internal clients to external
servers.
What is the purpose of the question? What are you trying to achieve? That
would help us give a more specific answer ...
T
|
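The reverse connection described in the post above, as an added example that is not part of the original thread and is not the AltaVista firewall's own code: in active-mode FTP the client announces its data address inside the control channel with a PORT command (RFC 959), so a relay that only copies bytes passes that address through untouched, while an FTP-aware relay has to parse and rewrite it. The function names, the addresses and the port numbers are constructed for illustration.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (four address octets, port high/low byte).
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$", re.I)


def parse_port(line):
    """Return (ip, port) announced by a PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def generic_relay(line):
    """A generic TCP relay copies control-channel bytes through unchanged."""
    return line


def ftp_aware_relay(line, relay_ip, alloc_port):
    """Rewrite PORT so the server connects back to the relay, and return the
    mapping (relay_port, original_target) needed to forward that connection."""
    target = parse_port(line)
    if target is None:
        return line, None
    port = alloc_port()
    rewritten = b"PORT %s,%d,%d\r\n" % (relay_ip.replace(".", ",").encode(), port >> 8, port & 0xFF)
    return rewritten, (port, target)


# Constructed sample: client 10.1.2.3 listening on port 50000 (195*256 + 80).
SAMPLE = b"PORT 10,1,2,3,195,80\r\n"

if __name__ == "__main__":
    # Through the generic relay the server is still told to dial the client's
    # own address, which it cannot reach across the firewall.
    print("generic  :", parse_port(generic_relay(SAMPLE)))
    # 192.0.2.1 and port 40000 are constructed values for the relay's listener.
    out, mapping = ftp_aware_relay(SAMPLE, "192.0.2.1", lambda: 40000)
    print("ftp-aware:", parse_port(out), "forward to", mapping[1])
```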
| What I have done for a customer that has an anonymous ftp server on their
public web server (on the DMZ net) is to use the generic relay for http and
the ftp relay for ftp. I created an internal (blue) server group with the
web server as the only system in the group. I then added the following two
lines to /usr/dfws/config/ftpxd-custom.acl:
    include "/usr/dfws/config/customgrps.acl";
    allow unknown inside red net ftp,gets,puts grpID;
(where grpID is the id of the group defined in customgrps.acl)
We then added instructions in help_ftpxd.txt for the connection.
Bill
|