diff -ruN ftp-proxy/ftp-proxy.8 ftp-proxy-a/ftp-proxy.8
--- ftp-proxy/ftp-proxy.8 Fri Sep 5 07:27:47 2003
+++ ftp-proxy-a/ftp-proxy.8 Fri Oct 24 14:16:45 2003
@@ -36,6 +36,7 @@
 .Sh SYNOPSIS
 .Nm ftp-proxy
 .Op Fl AnrVw
+.Op Fl a Ar proxyaddr
 .Op Fl D Ar debuglevel
 .Op Fl g Ar group
 .Op Fl m Ar minport
@@ -57,6 +58,26 @@
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl a Ar proxyaddr
+Specify the address through which to proxy, the client address
+seen by the ftp server and the server address
+the client sees on the ftp data connection. Without this argument
+.Nm
+chooses an appropriate address from among those assigned to
+the machine's interfaces. When the default gateway is on a
+private network not routeable on the Internet
+(e.g. 192.168.0.0/16), this argument must be used to force the use
+of a publicly routable address in order to proxy to the Internet.
+.Pp
+The
+.Ar proxyaddr
+specified must be assigned to one of the machine's interfaces.
+It is seen by
+.Xr pf 4
+as the originating endpont of client's proxyed
+ftp control connection and both
+a client and server endpoint for the proxyed ftp data connection,
+directionality dependent upon the use of passive or active ftp.
 .It Fl A
 Permit only anonymous FTP connections.
 The proxy will allow connections to log in to other sites as the user
diff -ruN ftp-proxy/ftp-proxy.c ftp-proxy-a/ftp-proxy.c
--- ftp-proxy/ftp-proxy.c Fri Aug 22 16:50:34 2003
+++ ftp-proxy-a/ftp-proxy.c Fri Oct 24 13:31:45 2003
@@ -148,6 +148,7 @@
 extern int Debug_Level;
 extern int Use_Rdns;
+extern in_addr_t Proxy_Addr;
 extern char *__progname;
 typedef enum {
@@ -171,8 +172,9 @@
 usage(void)
 {
 syslog(LOG_NOTICE,
- "usage: %s [-AnrVw] [-D debuglevel] [-g group] %s %s",
- __progname, "[-m minport] [-M maxport] [-t timeout]",
+ "usage: %s [-AnrVw] [-a proxyaddr] [-D debuglevel] %s %s %s",
+ __progname, "[-g group]",
+ "[-m minport] [-M maxport] [-t timeout]",
 "[-u user]");
 exit(EX_USAGE);
 }
@@ -973,9 +975,18 @@
 int use_tcpwrapper = 0;
 #endif /* LIBWRAP */
- while ((ch = getopt(argc, argv, "D:g:m:M:t:u:AnVwr")) != -1) {
+ while ((ch = getopt(argc, argv, "a:D:g:m:M:t:u:AnVwr")) != -1) {
 char *p;
 switch (ch) {
+ case 'a':
+ if (!*optarg)
+ usage();
+ if ((Proxy_Addr = inet_addr(optarg)) == INADDR_NONE) {
+ syslog(LOG_NOTICE,
+ "%s: bad proxy address", optarg);
+ usage();
+ }
+ break;
 case 'A':
 AnonFtpOnly = 1; /* restrict to anon usernames only */
 break;
diff -ruN ftp-proxy/util.c ftp-proxy-a/util.c
--- ftp-proxy/util.c Fri Jun 27 20:04:57 2003
+++ ftp-proxy-a/util.c Fri Oct 24 14:28:48 2003
@@ -58,6 +58,7 @@
 int Debug_Level;
 int Use_Rdns;
+in_addr_t Proxy_Addr = INADDR_NONE;
 void debuglog(int debug_level, const char *fmt, ...);
@@ -257,10 +258,13 @@
 bzero(&sa, sizeof sa);
 sa.sin_family = AF_INET;
- if (sap == NULL)
- sa.sin_addr.s_addr = INADDR_ANY;
+ if (Proxy_Addr == INADDR_NONE)
+ if (sap == NULL)
+ sa.sin_addr.s_addr = INADDR_ANY;
+ else
+ sa.sin_addr.s_addr = sap->sin_addr.s_addr;
 else
- sa.sin_addr.s_addr = sap->sin_addr.s_addr;
+ sa.sin_addr.s_addr = Proxy_Addr;
 /*
 * Indicate that we want to reuse a port if it happens that the
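Review bot: The new `case 'a':` branch validates the address with `inet_addr()`, which also accepts shorthand and non-decimal forms (a single number, hex or octal parts), so a mistyped value can parse as a different address instead of being rejected. A strict dotted-quad parse would be `struct in_addr ia; if (inet_pton(AF_INET, optarg, &ia) != 1 || ia.s_addr == INADDR_NONE) { ... usage(); }` followed by `Proxy_Addr = ia.s_addr;`; the explicit 255.255.255.255 rejection stays because `INADDR_NONE` doubles as the "not set" sentinel in util.c. Nothing in this hunk checks that the address is assigned to a local interface, as the man page requires, so that error presumably only surfaces later when a socket is bound; a comment saying so would help. The enclosing function and the rest of the switch lie outside the hunk.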
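Review bot: In the util.c address selection, an unbraced `if`/`else` is nested inside another `if`/`else`, so which `if` the final `else` pairs with is visible only from indentation, which the compiler ignores. A flat chain reads the same and cannot be mis-bound by a later edit: `if (Proxy_Addr != INADDR_NONE) sa.sin_addr.s_addr = Proxy_Addr;`, then `else if (sap == NULL) sa.sin_addr.s_addr = INADDR_ANY;`, then `else sa.sin_addr.s_addr = sap->sin_addr.s_addr;`. Once `-a` is given, the caller-supplied `sap` is ignored for every socket built here, so a comment such as `/* -a proxyaddr overrides the caller-supplied address for all proxy sockets */` would record that intent. It is worth confirming that the client-facing data listener is meant to move to that address too, since that decides which network can reach it. The enclosing function starts and ends outside the hunk.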