Hey all,

Being a Linux user with virtually no BSD experience (firewalling in particular), I have a few questions on how some "NAT-broken" protocols work with ipfilter and its brethren. Such things as H.323, FTP, IRC's DCC, and a plethora of other protocols simply don't work when connections are initiated from behind a NAT implementation. In the netfilter world, these connections are tracked and fixed (mangled might be a better term) by additional netfilter (well, kernel) modules. How do ipfilter, ipfw, and <BSD packet filter of choice> deal with these issues? Do they simply not work at all?

I pose this question after attempting DCC connections after implementing m0n0wall, and having them fail. Is this the reason passive FTP is used when upgrading (my only experience with FTP upgrading has been through the WAN interface, with necessary port maps set)?

My grasp of packet filtering from within FreeBSD is slippery at best, and "completely non-existent" at worst. You be the judge :D

Can anyone set me straight on this?

Brian
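The post above asks how a NAT box can make active-mode FTP work when the client is on a private address. The mechanism it describes from the netfilter side (a helper that watches the control channel and "mangles" it) is an application-layer gateway: it rewrites the address the client advertises and records which inbound connection to expect. The following is an added example illustrating that mechanism; it is not code from m0n0wall, ipfilter or netfilter, and the addresses, the port pool starting at 40000 and the function names are constructed for illustration. Passive mode avoids all of this because the client opens the data connection outbound, which plain NAT already handles.

```python
# Toy FTP application-layer gateway (ALG) for active-mode data connections.
# Added example; addresses below are constructed (RFC 1918 / RFC 5737 ranges).
import re
from dataclasses import dataclass, field

# FTP "PORT h1,h2,h3,h4,p1,p2\r\n": the client names the address and port the
# server should connect back to for the data channel (RFC 959).
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$"
)


@dataclass
class NatState:
    """Per-gateway NAT state: the public address, a port pool and the set of
    inbound data connections the ALG has decided to expect (the 'conntrack
    expectation' in netfilter terms)."""
    public_ip: str
    next_port: int = 40000  # constructed port pool start
    # (public_ip, public_port) -> (private_ip, private_port)
    expected: dict = field(default_factory=dict)

    def allocate_port(self) -> int:
        port = self.next_port
        self.next_port += 1
        return port


def parse_port_command(line: bytes):
    """Return (ip, port) from a PORT command, or None if it is not well formed."""
    m = PORT_RE.match(line)
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def format_port_command(ip: str, port: int) -> bytes:
    octets = ip.split(".")
    fields = octets + [str(port // 256), str(port % 256)]
    return ("PORT " + ",".join(fields) + "\r\n").encode()


def rewrite_port_command(line: bytes, state: NatState, client_private_ip: str):
    """What the ALG does to one outbound control-channel line.

    Returns (line_to_forward, expected_inbound_or_None). Lines that are not a
    PORT command pass through untouched. A PORT command advertising the
    client's own private address is rewritten to the gateway's public address
    and a fresh public port, and that pair is recorded so the server's inbound
    data connection can be admitted and forwarded to the client. Without this
    rewrite the server would try to connect to 192.168.x.x, which is
    unroutable from the Internet, and the transfer would hang. A PORT command
    naming some other host is left alone and no hole is opened: honouring it
    would let any client ask the firewall to forward traffic to a third party.
    """
    parsed = parse_port_command(line)
    if parsed is None:
        return line, None
    ip, port = parsed
    if ip != client_private_ip:
        return line, None
    public_port = state.allocate_port()
    state.expected[(state.public_ip, public_port)] = (ip, port)
    return format_port_command(state.public_ip, public_port), (state.public_ip, public_port)


def inbound_allowed(state: NatState, dst_ip: str, dst_port: int):
    """Called for a new inbound SYN on the WAN side: return the private
    (ip, port) to forward to if the ALG expects it, else None. Each
    expectation is consumed once, so the hole closes after one connection."""
    return state.expected.pop((dst_ip, dst_port), None)


if __name__ == "__main__":
    nat = NatState(public_ip="203.0.113.5")            # constructed public address
    client = "192.168.1.10"                            # constructed private address
    outbound = b"PORT 192,168,1,10,4,210\r\n"          # client asks for 192.168.1.10:1234
    forwarded, hole = rewrite_port_command(outbound, nat, client)
    print(forwarded.decode().strip(), "->", hole)      # server now sees 203.0.113.5:40000
    print(inbound_allowed(nat, "203.0.113.5", 40000))  # ('192.168.1.10', 1234)
    print(inbound_allowed(nat, "203.0.113.5", 40000))  # None: expectation already consumed
```

The same shape applies to the other protocols named in the post: a DCC SEND line or an H.323 call setup carries an address and port inside the payload, so the gateway must parse that payload, rewrite it and pre-authorise exactly the one inbound connection it implies. A packet filter that lacks such a helper for a given protocol can only pass the control channel, which is why the data connection then fails.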