Bad protocols and pf/nat



First of all, apologies if this has been done to death (read archives, saw a little bit on app-proxying).
Second, sorry about the appended disclaimer.
I was wondering if the nat code will be extended to do some of the dodgy protocols like active FTP (or serving ftp to passive clients) as well as the usual suspects (rtsp, icq, irc-dcc, etc.).
What I want to do is only open up the ports that I require and not some high-port range.
I know some firewalls are smart enough to watch the app layer protocols for port handshaking.  And I know that ftp-proxy does some of what I am talking about (for FTP) but does not seem to work for servers as well as clients.
I guess there are a lot of nat-unfriendly applications out there, but I, for one, would be willing to contribute to such development.
-D
-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.
Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------
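
The control-channel inspection the message asks about, as an added example in C that is not part of the original post and is not pf or ftp-proxy code: it parses the port announced in an FTP `PORT` command or `227` reply so that a rule can be opened for that one address and port instead of a high-port range. The names `ftp_parse_pinhole` and `struct ftp_pinhole`, the refusal of ports below 1024, and the requirement that the announced address equal the control-connection peer are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct ftp_pinhole {            /* endpoint announced on the control channel */
    uint32_t addr;              /* IPv4 address, host byte order */
    uint16_t port;              /* TCP data port */
};

/*
 * Parse the "h1,h2,h3,h4,p1,p2" tuple of an active-mode PORT command or a
 * passive-mode 227 reply; peer_addr is the control-connection endpoint that
 * sent the line. Returns 0 and fills *out when a rule for exactly that
 * address and port may be added, -1 when there is no valid tuple, -2 when
 * the tuple names another host or a port below 1024.
 */
int ftp_parse_pinhole(const char *line, uint32_t peer_addr,
                      struct ftp_pinhole *out)
{
    unsigned v[6];
    const char *s;

    if (strncasecmp(line, "PORT ", 5) == 0)
        s = line + 5;
    else if (strncmp(line, "227 ", 4) == 0 && (s = strchr(line, '(')) != NULL)
        s++;
    else
        return -1;
    if (sscanf(s, "%3u,%3u,%3u,%3u,%3u,%3u",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]) != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;
    uint32_t addr = (uint32_t)v[0] << 24 | v[1] << 16 | v[2] << 8 | v[3];
    uint16_t port = (uint16_t)(v[4] << 8 | v[5]);
    if (addr != peer_addr || port < 1024)
        return -2;  /* third-party address or privileged port */
    out->addr = addr;
    out->port = port;
    return 0;
}

int main(void)
{
    struct ftp_pinhole ph;  /* constructed sample: 192.168.1.10 announces port 5001 */
    if (ftp_parse_pinhole("PORT 192,168,1,10,19,137\r\n", 0xC0A8010AU, &ph) == 0)
        printf("open tcp port %u\n", (unsigned)ph.port);
    return 0;
}
```

A `227` reply without parentheses is rejected here, so an unparseable announcement opens nothing.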