# ftp/ftpproxy Behind NAT



## tuaris (Feb 27, 2017)

I have installed ftp/ftpproxy and configured it as a reverse proxy to some FTP servers on my local network.  The system (the proxy server) is behind a NAT as shown below.


```
EXTERNAL CLIENT <--------> NAT <---------> FTP PROXY <-----> FTP SERVER
```

Due to this setup `ftp.proxy` it's responding with a non-routable IP address when *PASV* mode is used.


```
Command:   PASV
Response:   227 Entering Passive Mode (192,168,0,37,187,214)
```

According to the (very limited) documentation, it looks like I need to add some additional log to the connection translation program (ctp).  Unfortunately there is no hint or examples of how to do this, especially with a dynamic IP address.

Is anyone familiar with how to do this?


----------



## lostpacket (Mar 2, 2017)

Not sure what firewall you are using, should be matter of starting ftp-proxy in reverse dns:

```
/usr/sbin/ftp-proxy -p 8021 -R 192.168.1.1 -P 21 -D7 -v
```
where ip = port to listen on, -R where to forward, -P port to connect to, -D7 debug level, -v set log on pf rules

then in pf.conf:

```
anchor "ftp-proxy/*"
pass in log on $ExtIf inet proto tcp from any to ($ExtIf) port ftp flags S/SAFR modulate state divert-to lo0 port 8021
```


----------

