> On Thu, 19 Aug 2004, Neil Schneider wrote:
>
> > I recently replaced my Linux firewall with M0n0wall. I have an ftp
> > server that sits behind it and is Server NAT'ed to a public IP
> > address. I keep running into the problem described in the list
> > archives and on various web pages, where connections from behind
> > another firewall fail in unpredictable ways.
> >
> > So here's my question. Is there no equivalent in FreeBSD to the Linux
> > kernel modules ip_contrack_ftp and ip_contrack_nat?
>
> Perhaps if you explained what those features do, and/or gave a specific
> example of a failing case.

[Thomas Hertz once mumbled:]

I believe that these modules are used to actively create firewall and/or
nat rules by actively listening to the ftp control channel. There are
similar modules for icq and irc, and this is something I miss in FreeBSD,
although they might pose a security threat.

// Thomas Hertz
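
What "listening to the ftp control channel" involves, as an added sketch that is not part of the thread and not the Linux modules' code: an FTP helper reads `PORT` commands and `227` replies, derives the one data connection to allow, and on a NAT box rewrites the announced address. The function names, the same-host and port checks, and the addresses (documentation ranges) are assumptions made for this example.

```python
import re
from ipaddress import IPv4Address

# RFC 959 host-port encoding: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_hostport(text):
    """Extract (IPv4Address, port) from a PORT argument or 227 reply, else None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def expect_data_connection(line, sender_ip, peer_ip):
    """Return (src, dst, dst_port) for the data connection to allow, or None.

    In both modes the sender of the line announces where it will listen,
    so the expected connection runs from the peer to the announced endpoint.
    """
    line = line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227")):
        return None                      # not a data-channel announcement
    hostport = parse_hostport(line[3:])
    if hostport is None:
        return None
    addr, port = hostport
    # Assumed policy: only open a hole toward the host that sent the line,
    # and never toward a privileged port. Without this, a crafted PORT
    # command could make the firewall open a path to a third-party host.
    if addr != IPv4Address(sender_ip) or port < 1024:
        return None
    return (str(peer_ip), str(addr), port)

def nat_rewrite(line, public_ip):
    """Replace the announced address with the NAT public address, keep the port."""
    m = _HOSTPORT.search(line)
    if not m:
        return line
    new = ",".join(str(public_ip).split(".") + [m.group(5), m.group(6)])
    return line[:m.start()] + new + line[m.end():]

if __name__ == "__main__":
    # Constructed sample: server 192.168.1.10 behind NAT as 198.51.100.7
    reply = "227 Entering Passive Mode (192,168,1,10,195,80)"
    print(expect_data_connection(reply, "192.168.1.10", "203.0.113.5"))
    print(nat_rewrite(reply, "198.51.100.7"))
```

Without the rewrite step, a server behind Server NAT announces its private address in the `227` reply, and an outside client cannot reach it.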