----- Original Message -----
From: "Manuel Kasper" <mk at neon1 dot net>
To: "Brian Z" <mono at ricerage dot org>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Sunday, January 18, 2004 2:48 AM
Subject: Re: [m0n0wall] Silly questions stemming from BSD ignorance

> On 18.01.2004, at 00:34, Brian Z wrote:
>
> > Such things as H.323, FTP, IRC's DCC, and a plethora of other protocols
> > simply don't work when connections are initiated from behind a NAT
> > implementation. In the netfilter world, these connections are tracked
> > and fixed (mangled might be a better term) by additional netfilter
> > (well, kernel) modules. How do ipfilter, ipfw, and <BSD packet filter
> > of choice> deal with these issues? Do they simply not work at all? I pose
>
> There are some proxy modules for ipfilter, and m0n0wall uses the FTP
> proxy by default, which means that outbound active FTP connections
> (i.e. FTP client behind m0n0wall) are no problem. It's a different
> story if you want to run a passive FTP server behind m0n0wall, as that
> proxy only works for outbound connections. Looking at the ipfilter
> source code, I see that there are proxy modules for H.323, IPsec,
> NetBIOS, Real Audio and RCMD too. They're not well documented and I
> have no idea if they actually work, though. Has anybody tried them
> successfully?

One issue I ran across recently that would be nice to have implemented
in the WebGUI is the ability to change the Port for the active FTP
proxy. A client ran their FTP server on Port 2121 and I couldn't figure
out why my connection failed then finally realized the outgoing proxy
was automatically set to Port 21. Is there a way around this in m0n0wall
or could it be added to the WebGUI easily?