Date: Sat, 13 Oct 2001 09:45:37 -0500 From: "Thomas T. Veldhouse" <veldy@veldy.net> To: <cjclark@alum.mit.edu> Cc: "David Kelly" <dkelly@hiwaay.net>, "Alfatrion" <alfatrion@cybertron.tmfweb.nl>, "Maine LOA List Admin (Brent Bailey)" <brentb@loa.com>, "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>, <freebsd-stable@FreeBSD.ORG>, <freebsd-questions@FreeBSD.ORG> Subject: Re: IPFW or IPFILTER? Message-ID: <003201c153f5$b8be80b0$0101a8c0@cascade> References: <20011012154307.O52936-100000@klima.physik.uni-mainz.de> <003601c15328$db264480$24b4a8c0@pretorian> <3BC700CE.8000201@cybertron.tmfweb.nl> <010001c15331$23f1da00$3028680a@tgt.com> <20011012130628.A11301@grumpy.dyndns.org> <017101c15349$4a413530$3028680a@tgt.com> <20011012203938.E6274@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I have been using it steadily for the last 6 months without any incident as you described. None at all. Tom Veldhouse veldy@veldy.net ----- Original Message ----- From: "Crist J. Clark" <cristjc@earthlink.net> To: "Thomas T. Veldhouse" <veldy@veldy.net> Cc: "David Kelly" <dkelly@hiwaay.net>; "Alfatrion" <alfatrion@cybertron.tmfweb.nl>; "Maine LOA List Admin (Brent Bailey)" <brentb@loa.com>; "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>; <freebsd-stable@FreeBSD.ORG>; <freebsd-questions@FreeBSD.ORG> Sent: Friday, October 12, 2001 10:39 PM Subject: Re: IPFW or IPFILTER? > On Fri, Oct 12, 2001 at 01:11:17PM -0500, Thomas T. Veldhouse wrote: > > FTP works in passive and active mode using IPNat. > > > > map dc1 192.168.0.0/24 -> www.xxx.yyy.zzz/32 proxy port ftp ftp/tcp > > map dc1 192.168.0.0/24 -> www.xxx.yyy.zzz/32 portmap tcp/udp 1025:60000 > > Except when the ftp proxy is panicing the kernel. When non-ftp data > was passed over port 21, up until recently, it could easily crash your > system. One of the nice things about natd(8) is that it takes that > kind of stuff out of the kernel so that kind of failure is not so > dramatic. One of the problems with natd(8) is that there is a fair > performance penalty for talking things out to userspace and back. > > Both ipf(8) and ipfw(8) have pros and cons. > -- > Crist J. Clark | cjclark@alum.mit.edu > | cjclark@jhu.edu > http://people.freebsd.org/~cjc/ | cjc@freebsd.org > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003201c153f5$b8be80b0$0101a8c0>