proxies
Gergely CZUCZY
phoemix at harmless.hu
Sat Jul 8 18:22:57 UTC 2006
On Sat, Jul 08, 2006 at 12:32:13PM +0400, Dmitry Andrianov wrote:
> Hello.
>
> On Linux there are conntrack "modules" for many protocols available
> which:
> 1. identify related connections and let them go through firewall (like
> FTP data is related to FTP control)
> 2. Let things work through NAT - translate addresses in the FTP control
> connections, identify different PPTP connections even if they go to the
> same endpoint etc
>
> So the question is: does pf have anything similar? I'm most interested
> in FTP, RPC and establishing multiple PPTP connections through NAT to
> the same endpoint.
>
> Currently I use ftpsesame for FTP - it does its job great but it is FTP
> specific solution obviously, RPC would require another application
> listening for traffic (bpf) and changing firewall. Is there a more clean
> way?
We do it a bit differently.
man ftp-proxy
That's for FTP, but a similar program can be constructed
for different protocols.
The connection is redirected to the -proxy application, which
mines out of the state table where it ought to go, connects
there, and acts like a proxy all the way.
Bye,
Gergely Czuczy
mailto: gergely.czuczy at harmless.hu
PGP: http://phoemix.harmless.hu/phoemix.pgp
Weenies test. Geniuses solve problems that arise.
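
As an added illustration (not part of the original message), a pf.conf fragment for the redirect-to-proxy arrangement described above. It assumes the anchor-based ftp-proxy(8) daemon listening on its default 127.0.0.1 port 8021; the interface names and LAN range are constructed placeholders.

```conf
# Constructed placeholders: adjust to the local network.
ext_if  = "em0"
int_if  = "em1"
lan_net = "192.168.1.0/24"

# --- translation section ---
# Anchors in which ftp-proxy installs its own per-session nat/rdr rules.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Send outgoing FTP control connections to the local proxy. pf records the
# original destination in its state table, which is where the proxy looks
# it up before connecting onward on the client's behalf.
rdr pass on $int_if proto tcp from $lan_net to any port 21 \
    -> 127.0.0.1 port 8021

# --- filter section ---
block in on $ext_if all

# The proxy adds narrowly scoped pass rules here for each negotiated data
# connection and removes them when the session ends, so no wide port range
# has to stay open for FTP data.
anchor "ftp-proxy/*"

# Let the proxy itself reach remote FTP servers on the control port.
pass out on $ext_if proto tcp from ($ext_if) to any port 21 keep state
```

Because the data-channel rules live only in the anchor and only for the lifetime of a session, the static ruleset can stay default-deny.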