On Sat, Jul 08, 2006 at 12:32:13PM +0400, Dmitry Andrianov wrote:
> Hello.
>
> On Linux there are conntrack "modules" for many protocols available
> which:
> 1. identify related connections and let them go through firewall (like
> FTP data is related to FTP control)
> 2. Let things work through NAT - translate addresses in the FTP control
> connections, identify different PPTP connections even if they go to the
> same endpoint etc
>
> So the question is: does pf have anything similar? I'm most interested
> in FTP, RPC and establishing multiple PPTP connections through NAT to
> the same endpoint.
>
> Currently I use ftpsesame for FTP - it does its job great but it is FTP
> specific solution obviously, RPC would require another application
> listening for traffic (bpf) and changing firewall. Is there a more clean
> way?

we do it a bit different way.

man ftp-proxy

that's for FTP, but a similar program can be constructed for different
protocols

the connection is redirected to the -proxy application, which mines out
from the state table where it ought to go, it connects to there, and acts
like a proxy all the way.

Bye,

Gergely Czuczy
mailto: [EMAIL PROTECTED]
PGP: http://phoemix.harmless.hu/phoemix.pgp

Weenies test. Geniuses solve problems that arise.
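As an added illustration (not part of the original message and not ftp-proxy's own code), the sketch below shows the protocol-specific step a helper for FTP has to perform: reading the data-connection endpoint out of control-channel lines so that only that one related connection is allowed, and refusing announcements that name a third host. The function name, the port floor of 1024 and the sample addresses are assumptions made for the example.

```python
import ipaddress
import re

# RFC 959 "h1,h2,h3,h4,p1,p2" tuple carried by PORT and by the 227 reply.
_TUPLE = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")
# RFC 2428 forms: "EPRT |proto|addr|port|" and "229 ... (|||port|)".
_EPRT = re.compile(r"^EPRT (.)[12]\1([0-9A-Fa-f:.]+)\1(\d{1,5})\1$", re.I)
_EPSV = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(line, client_ip, server_ip):
    """Return (listener_ip, port) announced on the control channel, or None.

    Raises ValueError if the announcement is malformed, names a host other
    than the peer that sent it, or uses a port below 1024.
    """
    line = line.rstrip("\r\n")
    verb = line.split(" ", 1)[0].upper()
    if verb in ("PORT", "227"):
        m = _TUPLE.search(line)
        if not m or any(int(g) > 255 for g in m.groups()):
            raise ValueError("malformed address tuple")
        nums = [int(g) for g in m.groups()]
        addr, port = ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
        owner = client_ip if verb == "PORT" else server_ip
    elif verb == "EPRT":
        m = _EPRT.match(line)
        if not m:
            raise ValueError("malformed EPRT argument")
        addr, port, owner = m.group(2), int(m.group(3)), client_ip
    elif verb == "229":
        m = _EPSV.match(line)
        if not m:
            raise ValueError("malformed 229 reply")
        addr, port, owner = server_ip, int(m.group(2)), server_ip
    else:
        return None  # not a data-channel announcement
    if ipaddress.ip_address(addr) != ipaddress.ip_address(owner):
        raise ValueError("announced address differs from control-channel peer")
    if not 1024 <= port <= 65535:
        raise ValueError("port outside 1024-65535")
    return str(ipaddress.ip_address(addr)), port


# Constructed control-channel lines (documentation addresses, not captured traffic).
CLIENT, SERVER = "10.0.0.5", "192.0.2.10"
if __name__ == "__main__":
    for sample in ("USER anonymous\r\n", "PORT 10,0,0,5,4,1\r\n",
                   "227 Entering Passive Mode (192,0,2,10,195,80)\r\n"):
        print(repr(sample), "->", data_endpoint(sample, CLIENT, SERVER))
```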
