ipfilter(4) needs maintainer
Lev Serebryakov
lev at FreeBSD.org
Mon Apr 15 10:50:26 UTC 2013
Hello, Kimmo.
You wrote 15 апреля 2013 г., 14:47:24:
KP> I'm however talking about an ftp client behind a very restrictive
KP> firewall making an IPv6 connection an ftp server that uses passive
KP> mode data ports that can't be known in advance.
Same solution -- inspection of connections to 21 port, without any
address translation. And if FTP server uses non-standard control
port, yes, here is a problem, but it cannot be solved with NAT too
(or your NAT/firewall should expect each and every connection for FTP
commands, which is heavy and error-prone task).
--
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>
More information about the freebsd-net
mailing list