From owner-freebsd-questions Tue Oct 16 5:14:32 2001 Delivered-To: freebsd-questions@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 7AEB337B40E; Tue, 16 Oct 2001 05:14:18 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id FAA04951; Tue, 16 Oct 2001 05:13:19 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda04949; Tue Oct 16 05:13:18 2001 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.6/8.9.1) id f9GCDFJ85754; Tue, 16 Oct 2001 05:13:15 -0700 (PDT) Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdo85752; Tue Oct 16 05:13:06 2001 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.6/8.9.1) id f9GCD0M06818; Tue, 16 Oct 2001 05:13:00 -0700 (PDT) Message-Id: <200110161213.f9GCD0M06818@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdYB6814; Tue Oct 16 05:12:09 2001 X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: schubert To: cjclark@alum.mit.edu Cc: Jason DiCioccio , "Thomas T. Veldhouse" , David Kelly , Alfatrion , "Maine LOA List Admin (Brent Bailey)" , "Hartmann, O." , freebsd-stable@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: IPFW or IPFILTER? In-reply-to: Your message of "Fri, 12 Oct 2001 23:28:18 PDT." <20011012232818.J6274@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 16 Oct 2001 05:12:09 -0700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message <20011012232818.J6274@blossom.cjclark.org>, "Crist J. Clark" writes: > On Fri, Oct 12, 2001 at 11:08:25PM -0700, Jason DiCioccio wrote: > > On Friday, October 12, 2001, at 08:39 , Crist J. Clark wrote: > > > On Fri, Oct 12, 2001 at 01:11:17PM -0500, Thomas T. Veldhouse wrote: > > >> FTP works in passive and active mode using IPNat. > > >> > > >> map dc1 192.168.0.0/24 -> www.xxx.yyy.zzz/32 proxy port ftp ftp/tcp > > >> map dc1 192.168.0.0/24 -> www.xxx.yyy.zzz/32 portmap tcp/udp 1025:60000 > > > > > > Except when the ftp proxy is panicing the kernel. When non-ftp data > > > was passed over port 21, up until recently, it could easily crash your > > > system. > > > > I've never seen this behavior before actually.. When was this fixed? Was > > it IPFilter or just IPFilter on FreeBSD? > > I don't think it was platform specific. I recall the discussion from > the IPFilter list, ipfilter@coombs.anu.edu.au. Look at list archives > for more info. I believe Kazaa (which, IIRC, does some funky HTTP-like > protocol on port 21 by default) was the particular application causing > people headaches. This particular problem was fixed in IPF 3.4-CURRENT (3.4.20+1). Darren doesn't have it on his FTP site nor is it pointed to by his web site. 3.4-CURRENT can be retrieved from http://coombs.anu.edu.au/~avalo n/ipf3.4-current.tgz. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD Ministry of Management Services Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message