Date: Wed, 25 Nov 1998 07:57:55 +0900 (JST) From: sanpei@sanpei.org (MIHIRA Yoshiro) To: admin@sunflower.com Cc: freebsd-current@FreeBSD.ORG Subject: Re: Panic using IPFILTER w/ NAT Message-ID: <199811242257.HAA01684@lavender.yy.cs.keio.ac.jp> In-Reply-To: Your message of "Wed, 25 Nov 1998 00:17:32 JST". <Pine.BSF.4.05.9811240856540.2721-100000@artorius.sunflower.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> FreeBSD 3.0-CURRENT #0: Mon Nov 23 21:08:21 CST 1998 >> root@madeline.sunflower.com:/usr/src/sys/compile/MADELINE >> (cvsup'd and compiled on Sunday) >> >> Running: sshd 1.2.26 >> isc-dhcpd server >> BIND 8.1.2 >> sendmail 8.9.1 >> >> Slow but has been steady for the last 4 years. :) >> >> Initial ipnat rules: >> >> map ed0 10.15.0.0/16 -> 0/32 proxy port ftp ftp/tcp >> map ed0 10.15.0.0/16 -> 0/32 portmap tcp/udp 10000:40000 >> map ed0 10.15.0.0/16 -> 0/32 I think version number of IP Filter in 3.0-CURRENT is 3.2.7. Version number of latest and released IP Filter is 3.2.10. I'm member of IP Filter mailing list. I tested many time with 3.2.10 with 2.2.6R box, and ftp proxy has many bugs before ver. 3.2.10 :-< If you do not use ftp proxy and use PASSIVE MODE ftp, your machine will be stable, I think. Moreover, currently ftp proxy reboot problem was fixed, but it does not care lost packet and does not recalculate ack number. I think ftp proxy is experimental code, I do not use this. BTW, IP Filter 3.2.10 does not support FreeBSD-3.0, only support 2.2-stable(2.1?). Darren who is author of IP Filter, said that 3.0R code is too many changes from 2.2-stable, he does not have plan to support 3.0-current. Does someone have plan to port latest IP Filter to FreeBSD-current source?? Cheers MIHIRA Yoshiro To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811242257.HAA01684>