author | Bob Beck <beck@cvs.openbsd.org> | 2004-01-22 16:10:31 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2004-01-22 16:10:31 +0000 |
commit | f51973b2600a8789765a6dfa1b6fd1f2c5c8e515 (patch) | |
tree | bc1d1cf3b530ac4afe8919cc854f8682035584b0 | |
parent | a4cb6d4b2878b9d2750934aaeb7da8f05f281f69 (diff) |
Add a -a address option to set the address which the proxy will use
to bind the local end of outgoing connections, and some man page
cleanup. Based on diff provided in pr 3538 by Karl O. Pinc <kop@meme.com>
Closes pr 3538. ok dhartmei@
-rw-r--r-- | libexec/ftp-proxy/ftp-proxy.8 | 41 | ||||
-rw-r--r-- | libexec/ftp-proxy/ftp-proxy.c | 19 | ||||
-rw-r--r-- | libexec/ftp-proxy/util.c | 12 |
3 files changed, 53 insertions, 19 deletions
diff --git a/libexec/ftp-proxy/ftp-proxy.8 b/libexec/ftp-proxy/ftp-proxy.8 index 2832ddbb9d2..4484cbdffcb 100644 --- a/libexec/ftp-proxy/ftp-proxy.8 +++ b/libexec/ftp-proxy/ftp-proxy.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ftp-proxy.8,v 1.37 2003/09/05 12:27:47 jmc Exp $ +.\" $OpenBSD: ftp-proxy.8,v 1.38 2004/01/22 16:10:30 beck Exp $ .\" .\" Copyright (c) 1996-2001 .\" Obtuse Systems Corporation, All rights reserved. @@ -36,10 +36,11 @@ .Sh SYNOPSIS .Nm ftp-proxy .Op Fl AnrVw +.Op Fl a Ar address .Op Fl D Ar debuglevel .Op Fl g Ar group -.Op Fl m Ar minport .Op Fl M Ar maxport +.Op Fl m Ar minport .Op Fl t Ar timeout .Op Fl u Ar user .Sh DESCRIPTION @@ -65,6 +66,26 @@ or .Qq anonymous only. Any attempt to log in as another user will be blocked by the proxy. +.It Fl a Ar address +Specify the local IP address to use in +.Xr bind 2 +as the source for connections made by +.Nm ftp-proxy +when connecting to destination FTP servers. +This may be necessary if the interface address of +your default route is not reachable from the destinations +.Nm +is attempting connections to, or this address is different from the one +connections are being NATed to. +In the usual case this means that +.Ar address +should be a publicly visible IP address assigned to one of +the interfaces on the machine running +.Nm +and should be the same address to which you are translating traffic +if you are using the +.Fl n +option. .It Fl D Ar debuglevel Specify a debug level, where the proxy emits verbose debug output into @@ -80,14 +101,6 @@ lookups which require root. By default, .Nm uses the default group of the user it drops privilege to. -.It Fl m Ar minport -Specify the lower end of the port range the proxy will use for all -data connections it establishes. -The default is -.Dv IPPORT_HIFIRSTAUTO -defined in -.Aq Pa netinet/in.h -as 49152. .It Fl M Ar maxport Specify the upper end of the port range the proxy will use for the data connections it establishes. 
@@ -96,6 +109,14 @@ The default is defined in .Aq Pa netinet/in.h as 65535. +.It Fl m Ar minport +Specify the lower end of the port range the proxy will use for all +data connections it establishes. +The default is +.Dv IPPORT_HIFIRSTAUTO +defined in +.Aq Pa netinet/in.h +as 49152. .It Fl n Activate network address translation .Pq NAT diff --git a/libexec/ftp-proxy/ftp-proxy.c b/libexec/ftp-proxy/ftp-proxy.c index 88b6fd16b86..d92661a20c9 100644 --- a/libexec/ftp-proxy/ftp-proxy.c +++ b/libexec/ftp-proxy/ftp-proxy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ftp-proxy.c,v 1.33 2003/08/22 21:50:34 david Exp $ */ +/* $OpenBSD: ftp-proxy.c,v 1.34 2004/01/22 16:10:30 beck Exp $ */ /* * Copyright (c) 1996-2001 @@ -148,6 +148,7 @@ char *Group; extern int Debug_Level; extern int Use_Rdns; +extern in_addr_t Bind_Addr; extern char *__progname; typedef enum { @@ -171,9 +172,8 @@ static void usage(void) { syslog(LOG_NOTICE, - "usage: %s [-AnrVw] [-D debuglevel] [-g group] %s %s", - __progname, "[-m minport] [-M maxport] [-t timeout]", - "[-u user]"); + "usage: %s [-AnrVw] [-a address] [-D debuglevel [-g group]" + " [-M maxport] [-m minport] [-t timeout] [-u user]", __progname); exit(EX_USAGE); } @@ -973,9 +973,18 @@ main(int argc, char *argv[]) int use_tcpwrapper = 0; #endif /* LIBWRAP */ - while ((ch = getopt(argc, argv, "D:g:m:M:t:u:AnVwr")) != -1) { + while ((ch = getopt(argc, argv, "a:D:g:m:M:t:u:AnVwr")) != -1) { char *p; switch (ch) { + case 'a': + if (!*optarg) + usage(); + if ((Bind_Addr = inet_addr(optarg)) == INADDR_NONE) { + syslog(LOG_NOTICE, + "%s: invalid address", optarg); + usage(); + } + break; case 'A': AnonFtpOnly = 1; /* restrict to anon usernames only */ break; diff --git a/libexec/ftp-proxy/util.c b/libexec/ftp-proxy/util.c index b308063d94e..17a88cae643 100644 --- a/libexec/ftp-proxy/util.c +++ b/libexec/ftp-proxy/util.c 
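Review bot: The new usage string in usage() drops the closing bracket after `debuglevel`, so the logged synopsis reads `[-D debuglevel [-g group]` and no longer matches the SYNOPSIS in ftp-proxy.8. The first literal should read `"usage: %s [-AnrVw] [-a address] [-D debuglevel] [-g group]"`.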
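Review bot: In the new `case 'a':`, inet_addr() is a loose parser for a value that decides which local address the proxy binds its outgoing sockets to. It accepts shorthand, octal and hex spellings such as `10.1` or `0x7f.1`, and it returns INADDR_NONE both for a parse failure and for 255.255.255.255. Parsing with `struct in_addr ia; if (inet_pton(AF_INET, optarg, &ia) != 1) { syslog(...); usage(); }` followed by `Bind_Addr = ia.s_addr;` accepts only dotted-quad input and reports failure separately from the value. Because util.c also uses INADDR_NONE as the "not set" value of Bind_Addr, 255.255.255.255 should still be rejected explicitly. The option switch continues outside this hunk.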
@@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.17 2003/12/22 21:53:40 deraadt Exp $ */ +/* $OpenBSD: util.c,v 1.18 2004/01/22 16:10:30 beck Exp $ */ /* * Copyright (c) 1996-2001 @@ -58,6 +58,7 @@ int Debug_Level; int Use_Rdns; +in_addr_t Bind_Addr = INADDR_NONE; void debuglog(int debug_level, const char *fmt, ...); @@ -258,10 +259,13 @@ get_backchannel_socket(int type, int min_port, int max_port, int start_port, bzero(&sa, sizeof sa); sa.sin_family = AF_INET; - if (sap == NULL) - sa.sin_addr.s_addr = INADDR_ANY; + if (Bind_Addr == INADDR_NONE) + if (sap == NULL) + sa.sin_addr.s_addr = INADDR_ANY; + else + sa.sin_addr.s_addr = sap->sin_addr.s_addr; else - sa.sin_addr.s_addr = sap->sin_addr.s_addr; + sa.sin_addr.s_addr = Bind_Addr; /* * Indicate that we want to reuse a port if it happens that the |
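Review bot: With -a set, the new outer branch in get_backchannel_socket() ignores the caller's `sap` for every socket this helper creates, whereas ftp-proxy.8 describes -a only as the source for connections to destination FTP servers. The callers are outside this hunk, so it cannot be confirmed here whether any of them pass `sap` to pin a client-facing or listening socket; if one does, that socket would now bind to Bind_Addr instead. A comment such as `/* -a overrides the caller-supplied source address for all backchannel sockets */` would record the intent, or the override could be limited to the outgoing case. The nested if/else also relies on else-binding without braces; writing the outer test as `if (Bind_Addr == INADDR_NONE) { ... } else { ... }` makes the pairing explicit. The function body continues past the end of the hunk.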