Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Apr 2013 14:57:06 +0400
From:      Slawa Olhovchenkov <slw@zxy.spb.ru>
To:        freebsd-current@freebsd.org
Subject:   Re: ipfilter(4) needs maintainer
Message-ID:  <20130415105706.GB21132@zxy.spb.ru>
In-Reply-To: <66408799.20130415145023@serebryakov.spb.ru>
References:  <20130414160648.GD96431@in-addr.com> <36562.1365960622.5652758659450863616@ffe10.ukr.net> <201304150025.07337.Mark.Martinec%2Bfreebsd@ijs.si> <951943801.20130415141536@serebryakov.spb.ru> <CA%2B7WWSeODqdP1_7MDs6=BiGF%2BDSR62w21uu4hS3PtTDBkmshsg@mail.gmail.com> <195468703.20130415143237@serebryakov.spb.ru> <CA%2B7WWSdbEx7Kbc0WOBNLc-vH19DdKK7L-xORO8SepKcMQR2xEg@mail.gmail.com> <621849003.20130415144428@serebryakov.spb.ru> <CA%2B7WWSeXLC6mJXB9zv2p3e1Q-z2Xf3mH9h0SqOmiXWRGLFs4GA@mail.gmail.com> <66408799.20130415145023@serebryakov.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Apr 15, 2013 at 02:50:23PM +0400, Lev Serebryakov wrote:

> KP> I'm however talking about an ftp client behind a very restrictive
> KP> firewall making an IPv6 connection an ftp server that uses passive
> KP> mode data ports that can't be known in advance.
>   Same solution -- inspection of connections to 21 port, without any
>  address translation. And if FTP server uses non-standard control
>  port, yes, here is a problem, but it cannot be solved with NAT too
>  (or your NAT/firewall should expect each and every connection for FTP
>  commands, which is heavy and error-prone task).

Not heavy.
But error-prone, yes.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130415105706.GB21132>