[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bad protocols and pf/nat



On Fri, Nov 01, 2002 at 01:35:49PM +0100, [email protected] wrote:
> I guess there are a lot of nat-unfriendly applications out there, but I, for one, would be willing to contribute to such development.
For ftp, there's ftp-proxy, and the reverse proxy patch adds support for
servers behind the firewall:
  http://www.benzedrine.cx/ftp-proxy-reverse.diff
For irc, there's net/tircproxy in the ports tree (which includes a patch
for NAT lookups with pf).
If you write userland proxies for other problematic protocols, they are
welcome. Look at pf(4) and the existing proxies for examples of how to
use pf's ioctl interface. There won't be any application level proxies
in the kernel, and this has indeed been discussed a couple of times, and
google finds the archives :)
Daniel