I think I understand the request. I would also like this option. Perhaps "proxy" is not the right term for the feature that is needed.
Using IPFilter on a bridge looks like a layer 2 device but makes decisions based on layer 3 or higher content. The last time I tried this was with v3.4.16. It didn't work. If you use a default policy to deny on a filtering bridge, most protocols pass easily using the "keep state" option. However, active FTP fails. An option like "keep ftp state" would be great. It would need to examine the PORT command in order to add a temporary state table entry that would allow the returning connection. I'm new the the list, but I didn't turn up anything in the archives. -Chris At 7:45 PM -0500 6/11/02, taproot420 wrote: >How can you use a bridge for a proxy? A bridge does not have IP protocol >addresses associated with its interfaces, it only has Ethernet >addresses. I don't think you can use a bridge for anything other than a >filtering gateway at least not network wise. > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]] On Behalf Of Ken Diliberto >Sent: Tuesday, June 11, 2002 5:06 PM >To: [EMAIL PROTECTED] >Subject: FTP Proxy with IPF 3.4.28 > >I tried using the FTP Proxy on my little OpenBSD 3.1 machine running as >a bridge. It appears the proxy will not kick in because the NAT engine >isn't used for the bridge. Is there any way around this? Am I doing >something wrong? It's a generic install of OpenBSD and IPF. > >Thanks. > >Ken -- -------------------------------------------------------------- Chris Irvine On-line store-> http://www.tfaw.com/ Information Systems Manager phone: 503-652-8815 Dark Horse Comics, Inc. http://www.darkhorse.com/ mailto:[EMAIL PROTECTED] spam mailto:[EMAIL PROTECTED] PGP Key ID: 0x0263648A PGP F.P. 8CEF 1BC8 F763 DF79 6F38 3156 EA30 50DF 0263 648A
