PF is a very robust firewall solution, but some historical FTP glitches still need a workaround, and one solution is an FTP proxy sitting on the firewall host. Running on FreeBSD and installed from ports, pftpx does this job very well: it can serve internal NAT'ed clients and also run in reverse mode for a server behind NAT. For internal pftpx clients, there may be a few sites which produce the following syslog error:
Apr 3 09:18:03 tori pftpx: #4102 server reply too long
At the same time on the client trying to connect to the site:
It turns out the site sends a very long greeting message which doesn't fit in the default pftpx buffer, so pftpx ends the connection. A quick-and-dirty solution is to drop the small patch attached below into the /usr/ports/ftp/pftpx/files/ directory; it just changes the default buffer size from 1024, so the site greeting message will fit.
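
A simplified model of the failure described above, added here as an illustration and not taken from pftpx or from the patch: a bounded reply buffer refuses an over-long server line instead of writing past its end, and a larger buffer accepts the same line. The names `linebuf_feed` and `relay_greeting`, the assumption that the limit applies to one unterminated reply line, the 4096 size and the sample banner are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a proxy's bounded reply buffer (not pftpx source). */
struct linebuf {
    char  *data;   /* caller-supplied storage */
    size_t cap;    /* buffer size, the kind of constant such a patch raises */
    size_t used;   /* bytes held for the current unterminated line */
};

/* Feed one read() worth of server data. Returns 0, or -1 ("reply too long")
 * when a line would exceed cap; nothing is written past the buffer end. */
static int linebuf_feed(struct linebuf *lb, const char *chunk, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (lb->used == lb->cap)
            return -1;
        lb->data[lb->used++] = chunk[i];
        if (chunk[i] == '\n')     /* line complete: relay it, reuse buffer */
            lb->used = 0;
    }
    return 0;
}

/* Constructed sample: one "220-" banner line of line_len bytes (CRLF
 * included) arriving in 256-byte reads, then a final "220 ready" line. */
static int relay_greeting(size_t cap, size_t line_len)
{
    static char storage[8192], banner[8192];
    struct linebuf lb = { storage, cap, 0 };
    if (cap > sizeof storage || line_len < 6 || line_len > sizeof banner)
        return -2;                /* outside what this demo models */
    memset(banner, 'x', line_len);
    memcpy(banner, "220-", 4);
    memcpy(banner + line_len - 2, "\r\n", 2);
    for (size_t off = 0; off < line_len; off += 256) {
        size_t n = line_len - off < 256 ? line_len - off : 256;
        if (linebuf_feed(&lb, banner + off, n) != 0)
            return -1;
    }
    return linebuf_feed(&lb, "220 ready\r\n", 11);
}

int main(void)
{
    printf("cap 1024, 1500-byte line: %d\n", relay_greeting(1024, 1500));
    printf("cap 4096, 1500-byte line: %d\n", relay_greeting(4096, 1500));
    return 0;
}
```

In this model the "too long" result is the bounds check doing its job, so raising the size moves the limit without removing the check.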