From owner-freebsd-security  Thu Apr 15  1:10:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from kamna.i.cz (kamna.i.cz [193.85.255.30])
	by hub.freebsd.org (Postfix) with SMTP id 15BF21531A
	for <freebsd-security@FreeBSD.ORG>; Thu, 15 Apr 1999 01:10:43 -0700 (PDT)
	(envelope-from mm@i.cz)
Received: (qmail 26341 invoked from network); 15 Apr 1999 08:12:05 -0000
Received: from woody.i.cz (@193.85.255.60)
  by kamna.i.cz with SMTP; 15 Apr 1999 08:12:05 -0000
Content-Length: 1236
Message-ID: <XFMail.990415100815.mm@i.cz>
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <Pine.BSF.4.10.9904142145080.23986-100000@madeline.boneyard.lawrence.ks.us>
Date: Thu, 15 Apr 1999 10:08:15 +0200 (MET DST)
Reply-To: mm@i.cz
From: Martin Machacek <mm@i.cz>
To: freebsd-security@FreeBSD.ORG
Subject: Re: IPFilter?
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On 15-Apr-99 Stephen D. Spencer wrote:
> On Wed, 14 Apr 1999, Brendan Conoboy wrote:
> 
>> [...] 
>> Speaking of which, is anybody using ipfilter's ftp proxy successfully? I
>> have successful kernel panics, but the delight in this is fleeting.
>> 
> 
> And so it goes with the version integrated with FreeBSD (3.2.7 I believe)
> 
> I am current running 3.2.11b4 with the ftp proxy successfully in use.
> (see http://cheops.anu.edu.au/~avalon/ip-filter.html)

I've had also troubles using transparent proxing with IPFilter 3.2.10 and FWTK
v 2 (with appropriate patches) on FreeBSD 2.2.8. In every case the ioctl on
/dev/ipl trying to read the original target address failed. I've tried multiple
configurations of ipnat rules with no success. I pretty much sure that I've
tried everything reasonable. The built in FTP proxy didn't work either except
for passive mode transfers (that was actually the reason why I was experimenting
with ftp-gw from FWTK). I would very much like to use IPFilter instead of ipfw
because of it's (IMO) better filtering capabilities and kernel implementation of
NAT but the problem with FTP is a clear show stopper. Don't you know whether it
works with 3.2.11b4?


        Martin 

---
[PGP KeyID F3F409C4]


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message