Date: Fri, 2 Feb 2001 13:56:37 +0100 From: "Schmalzbauer, Harald" <H.Schmalzbauer@belenus.com> To: freebsd-stable@FreeBSD.ORG Subject: AW: IPFilter 3.4.16? ftp-proxy and bimap broken on 3.4.8? Message-ID: <B14AF62CDA08D4118B8C00508B44A0B5154F3C@server02.belenus.com>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, there is a problem with ftp-proxy in IPF versions prior to 3.4.14. I = hope that the newer version will get as soon as possible to -stable. 1. Do a make freebsd4, make install-bsd Take care that you don't have two different versions of the binaries. I = can remember that the install-bsd puts some of them in different = directories and doesn't override all the FreeBSD standard files. 2. In FreeBSD-4.0/ copy the IPv6-pathc-4.1 to IPv6-patch-4.2 (I haven't tried 3.4.16 yet, but you had to do so for 3.4.14) Also for 3.4.14 you have to edit ip_log.c and ip_compat.c. Find "osreldate.h" (once per file) and change it to "sys/osreldate.h" Then run kinstall. This should work but as mentioned I haven't tried 3.4.16 yet but I = think Darren didn't change anything since 3.4.14 considering FreeBSD-install. - -Harry belenus GmbH Harald Schmalzbauer Sys/Net Admin Tel: +49 (89) 21979-120 Fax: +49 (89) 21979-111 www.belenus.com > -----Urspr=FCngliche Nachricht----- > Von: Thomas T. Veldhouse [mailto:veldy@veldy.net] > Gesendet: Freitag, 2. Februar 2001 07:26 > An: freebsd-stable@FreeBSD.ORG > Betreff: IPFilter 3.4.16? ftp-proxy and bimap broken on 3.4.8? >=20 >=20 > Can anybody lead me to a method of installing ipfilter 3.4.16=20 > onto a FreeBSD > 4.2-STABLE (02012000) machine? I am having trouble with=20 > 3.4.8 that comes > standard with FreeBSD. It seems that the ftp-data port is=20 > not properly > handled during ftp proxy and bimap does not seem to work=20 > either. It seems > to translate outgoing packets OK, but incoming packets=20 > (setup) do not ever > reach the internal machines. The ftp-proxy seems to fail no=20 > matter whether > I run nat using bimap or map the entire address range to one=20 > IP address. >=20 > Here are the options I am using in /etc/ipnat.rules: >=20 > -- > # allow transparent proxy of ftp > map dc1 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp >=20 > # run nat for our internal network > #map dc1 192.168.0.0/24 -> 0/32 portmap tcp/udp 30000:50000 > bimap dc1 192.168.0.1/32 -> xx.xx.xx.xx/32 > bimap dc1 192.168.0.2/32 -> yy.yy.yy.yy/32 > bimap dc1 192.168.0.4/32 -> zz.zz.zz.zz/32 > -- >=20 > Thanks in advance, >=20 > Tom Veldhouse > veldy@veldy.net >=20 >=20 >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message >=20 -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.2 iQA/AwUBOnqgdlXEptsBus8cEQITMACfY6TimOpoOT+FoiJOa8rjcPRx300An3JS rFE91lxUWACTWjnMdmD1Y29j =3DEa+0 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B14AF62CDA08D4118B8C00508B44A0B5154F3C>