> On Thu, 19 Aug 2004, Neil Schneider wrote:
> > I recently replaced my Linux firewall with M0n0wall. I have an ftp
> > server that sits behind it and is Server NAT'ed to a public IP
> > address. I keep running into the problem described in the list
> > archives and on various web pages, where connections from behind
> > another firewall fail in unpredictable ways.
> > So here's my question. Is there no equivelent in FreeBSD to the Linux
> > kernel modules ip_contrack_ftp and ip_contrack_nat?
> Perhaps if you exlained what those features do, and/or gave a specific
> example of a failing case.
[Thomas Hertz once mumbled:]
I believe that these modules are used to actively create firewall and/or nat
rules by actively listening to the ftp control channel. There are similar
modules for icq and irc, and this is something I miss in FreeBSD, although
they might pose a security threat.
// Thomas Hertz