From owner-freebsd-stable  Sat Oct 13  7:53:27 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from veldy.net (veldy-host33.dsl.visi.com [209.98.200.33])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6303C37B407; Sat, 13 Oct 2001 07:45:19 -0700 (PDT)
Received: from cascade (cascade.veldy.net [192.168.1.1])
	by veldy.net (Postfix) with SMTP
	id 413EFBAC4; Sat, 13 Oct 2001 09:45:17 -0500 (CDT)
Message-ID: <003201c153f5$b8be80b0$0101a8c0@cascade>
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: <cjclark@alum.mit.edu>
Cc: "David Kelly" <dkelly@hiwaay.net>,
	"Alfatrion" <alfatrion@cybertron.tmfweb.nl>,
	"Maine LOA List Admin (Brent Bailey)" <brentb@loa.com>,
	"Hartmann, O." <ohartman@klima.physik.uni-mainz.de>,
	<freebsd-stable@FreeBSD.ORG>, <freebsd-questions@FreeBSD.ORG>
References: <20011012154307.O52936-100000@klima.physik.uni-mainz.de> <003601c15328$db264480$24b4a8c0@pretorian> <3BC700CE.8000201@cybertron.tmfweb.nl> <010001c15331$23f1da00$3028680a@tgt.com> <20011012130628.A11301@grumpy.dyndns.org> <017101c15349$4a413530$3028680a@tgt.com> <20011012203938.E6274@blossom.cjclark.org>
Subject: Re: IPFW or IPFILTER?
Date: Sat, 13 Oct 2001 09:45:37 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

I have been using it steadily for the last 6 months without any incident as
you described.  None at all.

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Crist J. Clark" <cristjc@earthlink.net>
To: "Thomas T. Veldhouse" <veldy@veldy.net>
Cc: "David Kelly" <dkelly@hiwaay.net>; "Alfatrion"
<alfatrion@cybertron.tmfweb.nl>; "Maine LOA List Admin (Brent Bailey)"
<brentb@loa.com>; "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>;
<freebsd-stable@FreeBSD.ORG>; <freebsd-questions@FreeBSD.ORG>
Sent: Friday, October 12, 2001 10:39 PM
Subject: Re: IPFW or IPFILTER?


> On Fri, Oct 12, 2001 at 01:11:17PM -0500, Thomas T. Veldhouse wrote:
> > FTP works in passive and active mode using IPNat.
> >
> > map dc1 192.168.0.0/24 -> www.xxx.yyy.zzz/32 proxy port ftp ftp/tcp
> > map dc1 192.168.0.0/24 -> www.xxx.yyy.zzz/32 portmap tcp/udp 1025:60000
>
> Except when the ftp proxy is panicing the kernel. When non-ftp data
> was passed over port 21, up until recently, it could easily crash your
> system. One of the nice things about natd(8) is that it takes that
> kind of stuff out of the kernel so that kind of failure is not so
> dramatic. One of the problems with natd(8) is that there is a fair
> performance penalty for talking things out to userspace and back.
>
> Both ipf(8) and ipfw(8) have pros and cons.
> --
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message