[ previous ] [ next ] [ threads ]
 From:  "Thomas Hertz" <term at cynisk dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] FTP NAT redux
 Date:  Fri, 20 Aug 2004 08:12:35 +0200
> On Thu, 19 Aug 2004, Neil Schneider wrote:
> > I recently replaced my Linux firewall with M0n0wall. I have an ftp
> > server that sits behind it and is Server NAT'ed to a public IP
> > address. I keep running into the problem described in the list
> > archives and on various web pages, where connections from behind
> > another firewall fail in unpredictable ways.
> >
> > So here's my question. Is there no equivelent in FreeBSD to the Linux
> > kernel modules ip_contrack_ftp and ip_contrack_nat?
> Perhaps if you exlained what those features do, and/or gave a specific
> example of a failing case.
[Thomas Hertz once mumbled:] 

I believe that these modules are used to actively create firewall and/or nat
rules by actively listening to the ftp control channel. There are similar
modules for icq and irc, and this is something I miss in FreeBSD, although
they might pose a security threat.

// Thomas Hertz