From owner-freebsd-stable@FreeBSD.ORG  Sat Jan 15 20:45:04 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AA3BD16A4CE
	for <freebsd-stable@freebsd.org>;
	Sat, 15 Jan 2005 20:45:04 +0000 (GMT)
Received: from seed.net.tw (sn14.seed.net.tw [139.175.54.14])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 69D1443D54
	for <freebsd-stable@freebsd.org>;
	Sat, 15 Jan 2005 20:45:04 +0000 (GMT)
	(envelope-from guitar@jazzcafe.no-ip.org)
Received: from [221.169.112.158] (port=57031 helo=[127.0.0.1])
	by seed.net.tw with esmtp (Seednet 4.23:1)
	id 1Cpun9-000KQ0-6o; Sun, 16 Jan 2005 04:45:03 +0800
Date: Sun, 16 Jan 2005 04:45:09 +0800
From: CryBaby <guitar@jazzcafe.no-ip.org>
To: CryBaby <guitar@jazzcafe.no-ip.org>
In-Reply-To: <20050116035709.AFCE.GUITAR@jazzcafe.no-ip.org>
References: <20050116035709.AFCE.GUITAR@jazzcafe.no-ip.org>
Message-Id: <20050116044045.7FEB.GUITAR@jazzcafe.no-ip.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.12.01 [en]
cc: freebsd-stable@freebsd.org
Subject: Re: SSH Protocol mismatch
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Jan 2005 20:45:04 -0000

> OS: FreeBSD 4.11-STABLE #3: Fri Jan 14 23:53:07 CST 2005
Firewall: ipfilter + ipfw
NAT: ipnat

### % less /etc/ipnat.conf ###
map vr0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map vr0 192.168.0.0/24 -> 0/32

### /etc/ipf.conf ### (vr0: outer interface, rl0: inner interface)
block in log quick all with short
block in log quick all with ipopts

pass in on rl0 all
pass out on rl0 all
pass in on lo0 all
pass out on lo0 all

pass in log on vr0 all
pass out log on vr0 all

pass out log on vr0 proto icmp all keep state
pass out log on vr0 proto tcp/udp from any to any keep state

pass in quick on vr0 proto tcp from any to any port = ftp-data keep state
pass in quick on vr0 proto tcp from any port = ftp-data to any port > 1023 keep state





---
CryBaby <mailinglist@ms94.url.com.tw>