Tested With: wu-ftpd 2.6.0
First, we need to add an additional class for users that are allowed to do FXP (unless you just want to use the predefined class "all"). If you add a new class, this line MUST be before the catch-all class "all", or the client will match class "all" first.
The line is of the form:
class <ArbitraryClassName> <AccessTypes> <HostAddrs> [HostAddrs]
Then we add lines to allow PASV and PORT commands to hosts whose IPs don't match the client (to allow FXP)
These lines are of the form:
port-allow <ArbitraryClassName> <HostAddrs>
pasv-allow <ArbitraryClassName> <HostAddrs>
And now to put it into practice - a real example
class newclass real,guest,anonymous *.mydomain.net
class all real,guest,anonymous *
port-allow newclass 0.0.0.0/0
pasv-allow newclass 0.0.0.0/0
This basically adds a new class (creatively called "newclass") - note that it appears BEFORE the line containing the class "all" - this new class contains all hosts in the subdomains mydomain.net and more.client.addresses.com (domains obviously made up by yours truly), in order to limit who we will allow to do FXP. The port-allow and pasv-allow lines basically allow FXP connections to anywhere if your client is in the class "newclass".