From owner-freebsd-pf@FreeBSD.ORG  Sat Jul  8 19:41:41 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6C64E16A4DA
	for <freebsd-pf@freebsd.org>; Sat,  8 Jul 2006 19:41:41 +0000 (UTC)
	(envelope-from dimas@dataart.com)
Received: from relay1.dataart.com (fobos.marketsite.ru [62.152.84.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0240143D45
	for <freebsd-pf@freebsd.org>; Sat,  8 Jul 2006 19:41:40 +0000 (GMT)
	(envelope-from dimas@dataart.com)
Received: from e1.universe.dart.spb ([192.168.10.44])
	by relay1.dataart.com with esmtp (Exim 4.62)
	(envelope-from <dimas@dataart.com>)
	id 1FzIgM-000PVj-Ll; Sat, 08 Jul 2006 23:41:38 +0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sat, 8 Jul 2006 23:38:55 +0400
Message-ID: <D5972F49810A69449A9EA72A4B360DC2D0A38B@e1.universe.dart.spb>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: proxies
Thread-Index: Acaiv0ntEqRBALQURu+wVt3sI41PbQABZdLg
From: "Dmitry Andrianov" <dimas@dataart.com>
To: "Gergely CZUCZY" <phoemix@harmless.hu>
Cc: freebsd-pf@freebsd.org
Subject: RE: proxies
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jul 2006 19:41:41 -0000


> we do it a bit different way.
> man ftp-proxy

Well, it is _completely_ different way. It is only applicable on the
gateway router (which performs NAT) but can not be used on our internal
router because this way FTP server does not see client's real IP.

There are two different things:=20
    a) punching holes in the firewall to accept related connections
    b) "patching" traffic to translate Ips contained in the application
level data

On the NAT-less router I obviously only need first. The approach you
suggesting always do both and there is no way of avoiding second.

> that's for FTP, but a similar program can be constructed for different
protocolls

Actually, my question was if PPTP, H323 etc modules _already_ available.
>From your anwser I guess no...

Thanks

Regards,
Dmitry Andrianov