Date: Sun, 28 Oct 2001 16:24:15 +0100 (CET) From: Christian Kratzer <ck@cksoft.de> To: Johann Botha <joe@frogfoot.net> Cc: <freebsd-isp@freebsd.org> Subject: Re: punch_fw Message-ID: <Pine.LNX.4.33.0110281619550.18418-100000@hirvi.cksoft.de> In-Reply-To: <20011028141436.A549@blue.frogfoot.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
On Sun, 28 Oct 2001, Johann Botha wrote:
[snipp]
> i've used ipfilter's nat for active ftp.. worked well, but i would really
> like to keep this box a ipfw box.
[snipp]
have you tried using the -s option on natd. This fixes active mode ftp
and a couple of other protocols for natd.
From the natd manpage.
-use_sockets | -s
Allocate a socket(2) in order to establish an FTP data or IRC
DCC send connection. This option uses more system resources,
but guarantees successful connections when port numbers con-
flict.
natd uses libalias (man libalias) to work the magic.
I would be gratefull for a way of using libalias for a plain ipfw based
firewall. One would propably have to hack something similar to natd and
hang it in using divert. I just have not taken the time yet to fully
understand the libalias api etc... to be able to hack something like that.
Anybody done it yet ???
Greetings
Christian
--
CK Software GmbH i.G.
Christian Kratzer, Schwarzwaldstr. 31, 71131 Jettingen
Email: ck@cksoft.de
Phone: +49 7452 889-135
Fax: +49 7452 889-136 FreeBSD spoken here!
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.33.0110281619550.18418-100000>