From owner-freebsd-questions  Fri Oct 12 23:28:34 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22])
	by hub.freebsd.org (Postfix) with ESMTP
	id DEFE137B40F; Fri, 12 Oct 2001 23:28:28 -0700 (PDT)
Received: from blossom.cjclark.org (dialup-209.245.143.238.Dial1.SanJose1.Level3.net [209.245.143.238])
	by hawk.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id XAA28202;
	Fri, 12 Oct 2001 23:28:24 -0700 (PDT)
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id f9D6SJG07707;
	Fri, 12 Oct 2001 23:28:19 -0700 (PDT)
	(envelope-from cjc)
Date: Fri, 12 Oct 2001 23:28:18 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Jason DiCioccio <geniusj@bluenugget.net>
Cc: "Thomas T. Veldhouse" <veldy@veldy.net>,
	David Kelly <dkelly@hiwaay.net>,
	Alfatrion <alfatrion@cybertron.tmfweb.nl>,
	"Maine LOA List Admin (Brent Bailey)" <brentb@loa.com>,
	"Hartmann, O." <ohartman@klima.physik.uni-mainz.de>,
	freebsd-stable@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW or IPFILTER?
Message-ID: <20011012232818.J6274@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20011012203938.E6274@blossom.cjclark.org> <B67B2D46-BFA0-11D5-B5AB-0003930352A4@bluenugget.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <B67B2D46-BFA0-11D5-B5AB-0003930352A4@bluenugget.net>; from geniusj@bluenugget.net on Fri, Oct 12, 2001 at 11:08:25PM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Fri, Oct 12, 2001 at 11:08:25PM -0700, Jason DiCioccio wrote:
> On Friday, October 12, 2001, at 08:39 , Crist J. Clark wrote:
> > On Fri, Oct 12, 2001 at 01:11:17PM -0500, Thomas T. Veldhouse wrote:
> >> FTP works in passive and active mode using IPNat.
> >>
> >> map dc1 192.168.0.0/24 -> www.xxx.yyy.zzz/32 proxy port ftp ftp/tcp
> >> map dc1 192.168.0.0/24 -> www.xxx.yyy.zzz/32 portmap tcp/udp 1025:60000
> >
> > Except when the ftp proxy is panicing the kernel. When non-ftp data
> > was passed over port 21, up until recently, it could easily crash your
> > system.
> 
> I've never seen this behavior before actually.. When was this fixed? Was 
> it IPFilter or just IPFilter on FreeBSD?

I don't think it was platform specific. I recall the discussion from
the IPFilter list, ipfilter@coombs.anu.edu.au. Look at list archives
for more info. I believe Kazaa (which, IIRC, does some funky HTTP-like
protocol on port 21 by default) was the particular application causing
people headaches.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message