From owner-freebsd-isp  Sun Oct 28  7:39:33 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from ns1.cksoft.de (ns1.cksoft.de [62.111.66.1])
	by hub.freebsd.org (Postfix) with ESMTP id CE62F37B401
	for <freebsd-isp@freebsd.org>; Sun, 28 Oct 2001 07:39:29 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by ns1.cksoft.de (Postfix) with ESMTP
	id 3C00514FA0; Sun, 28 Oct 2001 16:41:54 +0100 (CET)
Received: by ns1.cksoft.de (Postfix, from userid 66)
	id 1CDBA14F9E; Sun, 28 Oct 2001 16:41:53 +0100 (CET)
Received: by hirvi.cksoft.de (Postfix, from userid 1000)
	id DDFA45F; Sun, 28 Oct 2001 16:24:15 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by hirvi.cksoft.de (Postfix) with ESMTP
	id D4BB834BB; Sun, 28 Oct 2001 16:24:15 +0100 (CET)
Date: Sun, 28 Oct 2001 16:24:15 +0100 (CET)
From: Christian Kratzer <ck@cksoft.de>
To: Johann Botha <joe@frogfoot.net>
Cc: <freebsd-isp@freebsd.org>
Subject: Re: punch_fw
In-Reply-To: <20011028141436.A549@blue.frogfoot.net>
Message-ID: <Pine.LNX.4.33.0110281619550.18418-100000@hirvi.cksoft.de>
X-Spammer-Kill-Ratio: 75%
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

Hi,

On Sun, 28 Oct 2001, Johann Botha wrote:

[snipp]
> i've used ipfilter's nat for active ftp.. worked well, but i would really
> like to keep this box a ipfw box.
[snipp]

have you tried using the -s option on natd.  This fixes active mode ftp 
and a couple of other protocols for natd.

From the natd manpage.

     -use_sockets | -s
                 Allocate a socket(2) in order to establish an FTP data or IRC
                 DCC send connection.  This option uses more system resources,
                 but guarantees successful connections when port numbers con-
                 flict.

natd uses libalias (man libalias) to work the magic.

I would be gratefull for a way of using libalias for a plain ipfw based 
firewall.  One would propably have to hack something similar to natd and
hang it in using divert.  I just have not taken the time yet to fully
understand the libalias api etc... to be able to hack something like that.

Anybody done it yet ???

Greetings
Christian

-- 
CK Software GmbH i.G.		
Christian Kratzer,		Schwarzwaldstr. 31, 71131 Jettingen
Email:	ck@cksoft.de
Phone: 	+49 7452 889-135
Fax: 	+49 7452 889-136	FreeBSD spoken here!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message