From owner-freebsd-pf@FreeBSD.ORG Sat Jul 8 08:35:00 2006
From: "Dmitry Andrianov"
Date: Sat, 8 Jul 2006 12:32:13 +0400
Subject: proxies
List-Id: "Technical discussion and general questions about packet filter (pf)"

Hello.

On Linux there are conntrack "modules" for many protocols available which:

1. identify related connections and let them go through firewall (like FTP data is related to FTP control)
2. Let things work through NAT - translate addresses in the FTP control connections, identify different PPTP connections even if they go to the same endpoint etc

So the question is: does pf have anything similar? I'm most interested in FTP, RPC and establishing multiple PPTP connections through NAT to the same endpoint.

Currently I use ftpsesame for FTP - it does its job great but it is an FTP-specific solution obviously; RPC would require another application listening for traffic (bpf) and changing the firewall. Is there a cleaner way?

Regards,
Dmitry Andrianov