Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 8 Jul 2006 20:22:53 +0200
From:      phoemix@harmless.hu (Gergely CZUCZY)
To:        Dmitry Andrianov <dimas@dataart.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: proxies
Message-ID:  <20060708182252.GA18258@marvin.harmless.hu>
In-Reply-To: <D5972F49810A69449A9EA72A4B360DC2D0A385@e1.universe.dart.spb>
References:  <D5972F49810A69449A9EA72A4B360DC2D0A385@e1.universe.dart.spb>
next in thread | previous in thread | raw e-mail | index | archive | help 

--5mCyUwZo2JvN/JJP
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Jul 08, 2006 at 12:32:13PM +0400, Dmitry Andrianov wrote:
> Hello.
> =20
> On Linux there are conntrack "modules" for many protocols available
> which:
> 1. identify related connections and let them go through firewall (like
> FTP data is related to FTP control)
> 2. Let things work through NAT - translate addresses in the FTP control
> connections, identify different PPTP connections even if they go to the
> same endpoint etc
> =20
> So the question is: does pf have anything similar? I'm most interested
> in FTP, RPC and establishing multiple PPTP connections through NAT to
> the same endpoint.
> =20
> Currently I use ftpsesame for FTP - it does its job great but it is FTP
> specific solution obviously, RPC would requirs another application
> listening for traffic (bpf) and changing firewall. Is there a more clean
> way?
we do it a bit different way.
man ftp-proxy
that's for FTP, but a similar program can be constructed
for different protocolls

the connection is redirected to the -proxy application, which
mines out from the state table where it ought to go, it connects to
there, and acts like a proxy all the way.

Bye,

Gergely Czuczy
mailto: gergely.czuczy@harmless.hu
PGP: http://phoemix.harmless.hu/phoemix.pgp

Weenies test. Geniuses solve problems that arise.

--5mCyUwZo2JvN/JJP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEr/f8bBsEN0U7BV0RAgduAJ9ccCnvo0fvlv1UUMRq0utXLtiFDwCffFTl
cJTkgW+Z1BLO2lLGgTd9jZc=
=myNz
-----END PGP SIGNATURE-----

--5mCyUwZo2JvN/JJP--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060708182252.GA18258>