From owner-freebsd-net Sat Oct 21 11:10:52 2000
Date: Sat, 21 Oct 2000 20:10:49 +0200 (CEST)
From: Blaz Zupan
To: freebsd-net@freebsd.org
Subject: Using punch_fw from natd

I have two firewalls, protecting our two office networks. The firewalls are
simply ipfw rules, without using NAT (and natd). The only remaining "big hole"
I have is that I need to open TCP ports above 1024 for incoming active FTP
requests.

I'd like to close this remaining hole and noticed the punch_fw option to natd,
which does what I want. The problem is that it is built into natd and works
only on packets that are aliased by natd. But I don't want to do network
address translation, I just need a daemon that will open incoming TCP ports
for active FTP connections.

Does anybody have a solution? Maybe a way to convince natd to do the
port-punching without aliasing packets?

Blaz Zupan, Medinet d.o.o, Linhartova 21, 2000 Maribor, Slovenia
E-mail: blaz@amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325
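Whatever ends up doing the punching has to validate each PORT command before it opens anything, otherwise the narrow hole is no better than the wide one. The Python below is an added illustration of those checks and of the single ipfw rule such a daemon would produce; it is not natd's or ipfw's own code, and the interface name fxp0 and all addresses are assumed.

```python
import re

# PORT h1,h2,h3,h4,p1,p2: address and port as decimal octets (RFC 959)
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")


def parse_port_command(line):
    """Return (ip, port) from a PORT line; raise ValueError if malformed."""
    m = PORT_RE.match(line)
    if m is None:
        raise ValueError("not a well-formed PORT command: %r" % line)
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in %r" % line)
    ip = ".".join(str(o) for o in octets[:4])
    return ip, octets[4] * 256 + octets[5]


def punch_rule(client_ip, server_ip, line, ifname="fxp0"):
    """ipfw rule text for the data connection announced by `line`.
    client_ip is the inside host that sent PORT, server_ip the outside FTP
    server it is talking to, ifname the outside interface (assumed name)."""
    ip, port = parse_port_command(line)
    # The only legitimate target is the host that sent the PORT command.
    if ip != client_ip:
        raise ValueError("PORT address %s differs from control peer %s" % (ip, client_ip))
    # Data connections use ephemeral ports; never open a privileged one.
    if port <= 1023:
        raise ValueError("refusing to open privileged port %d" % port)
    # Only the server's ftp-data port (20) may open it, and only for a new
    # connection (setup); everything else stays closed.
    return "allow tcp from %s 20 to %s %d in via %s setup" % (
        server_ip, client_ip, port, ifname)


def punch_all(client_ip, server_ip, lines):
    """Walk control-channel lines; return (rules to add, rejected lines)."""
    rules, rejected = [], []
    for line in lines:
        if line.startswith("PORT"):
            try:
                rules.append(punch_rule(client_ip, server_ip, line))
            except ValueError as exc:
                rejected.append((line, str(exc)))
    return rules, rejected


# Constructed sample control-channel lines (addresses made up).
SAMPLE_LINES = ["USER anonymous", "PORT 10,0,0,5,195,80",
                "PORT 10,0,0,9,195,80", "PORT 10,0,0,5,0,25", "PORT 10,0,0,5,256,1"]
```

A real daemon would also delete the rule once the data connection closes or times out, so the opening is transient rather than permanent.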