PF is very robust firewall solution, but for some historical ftp glitches you still need a way around, and one of the solutions is ftp proxy,
sitting on the firewall host. Running on the FreeBSD and installed from ports, pftpx does very well this job, it can serve internal NAT’ed
clients and also run in reverse mode for a server behind NAT. And for the internal pftpx clients there may be few sites which produce the
following syslog error:
1
Apr 3 09:18:03 tori pftpx[1142]: #4102 server reply too long
At the same time on the client trying to connect to the site:
host1:~ user1$ ftp ftp.alientechnology.com
Connected to ftp.alientechnology.com.
220-ftp.alientechnology.com X2 WS_FTP Server 4.0.0 (3806493092)
421 Service not available, remote server has closed connection.
ftp> It turns out the site sends a very long greeting message, which doesn’t fit in default pftpx buffer, so it ends connection. QuickNdirty solution
is to drop attached below small patch into /usr/ports/ftp/pftpx/files/ directory, it will just change the default buffer size from 500 to 1024,
so the site greeting message will fit.
--- pftpx.c.orig Tue Apr 3 09:54:17 2007
+++ pftpx.c Tue Apr 3 09:55:56 2007
@@ -44,7 +44,7 @@
#define CONNECT_TIMEOUT 30
#define MIN_PORT 1024
-#define MAX_LINE 500
+#define MAX_LINE 1024
#define MAX_LOGLINE 300
#define NTOP_BUFS 3
#define TCP_BACKLOG 10