From: Kelsey Cummings
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Problem with ftp-proxy.
Date: Thu, 16 Sep 2004 03:58:44 -0000
X-Original-Date: Fri, 19 Dec 2003 19:06:58 -0800
Message-ID: <3FE3BCD2.8000405@microshaft.org>
In-Reply-To: <3FE281C7.2000204@dequim.ist.utl.pt>
List-Id: Technical discussion and general questions about packet filter (pf)

Bruno Afonso wrote:

>Kelsey Cummings wrote:
>
>>Gregory P. Smith wrote:
>>
>>>These are my rules that work for ftp proxy on my nat+firewall system.
>>
>>Just out of curiosity, anyone have the FTP proxy working on a bridgemode
>>firewall? I *just can't* get it to work right, even on my OpenBSD
>>firewall.
>
>If you're bridging, you do not have ips, so it does not make sense to
>use a proxy.

I should probably clarify that it's bridging and routing.

I have a /29 bridged and a /28 routed via my DSL circuit. Strange, but I
work for the ISP that I get the service from.

The reason for having this is that my workstations go on the bridged
IPs to allow for Multicast reception, sourcing on them. I've yet to
find an IGMP proxy for unix that is functional, otherwise everything
would live on the routed block. (Which right now is unused.)

The 'wan' IP of my firewall is the first of the bridged IPs bound to
dc0, my workstation, the second, out dc1 via bridge group of dc0 and dc1.

I'd hoped to be able to use the ftp proxy from my workstations so as to
not have to open the backchannels, etc.

-K