Date: Sun, 28 Oct 2001 16:24:15 +0100 (CET) From: Christian Kratzer <ck@cksoft.de> To: Johann Botha <joe@frogfoot.net> Cc: <freebsd-isp@freebsd.org> Subject: Re: punch_fw Message-ID: <Pine.LNX.4.33.0110281619550.18418-100000@hirvi.cksoft.de> In-Reply-To: <20011028141436.A549@blue.frogfoot.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Sun, 28 Oct 2001, Johann Botha wrote: [snipp] > i've used ipfilter's nat for active ftp.. worked well, but i would really > like to keep this box a ipfw box. [snipp] have you tried using the -s option on natd. This fixes active mode ftp and a couple of other protocols for natd. From the natd manpage. -use_sockets | -s Allocate a socket(2) in order to establish an FTP data or IRC DCC send connection. This option uses more system resources, but guarantees successful connections when port numbers con- flict. natd uses libalias (man libalias) to work the magic. I would be gratefull for a way of using libalias for a plain ipfw based firewall. One would propably have to hack something similar to natd and hang it in using divert. I just have not taken the time yet to fully understand the libalias api etc... to be able to hack something like that. Anybody done it yet ??? Greetings Christian -- CK Software GmbH i.G. Christian Kratzer, Schwarzwaldstr. 31, 71131 Jettingen Email: ck@cksoft.de Phone: +49 7452 889-135 Fax: +49 7452 889-136 FreeBSD spoken here! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.33.0110281619550.18418-100000>