[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    RE: IPNAT, BIMAP, and PASSIVE FTP
From:       "David Hedley" <david () inty ! net>
Date:       2003-02-19 0:36:14
[Download RAW message or body]

> Solution is a stretch, hack comes more to mind.  As I said I am
> replacing a Cisco Pix 520 that was manufactured in 1999.  It has done
> this correctly since that date (and I'm sure that the PIX's did this
> right even before that).  This seems like a no-brainer, and I'm totally
> shocked to not find this implemented in ANY unix solution (Ipfilter, Pf,
> etc.)  *shrug*.  For now it's working, but I have a lot more testing to
> do before I ever think about rolling this out in production.
> 

Actually, the standard FreeBSD firewall/NAT package (ipfw and natd) works properly in \
this circumstance. Shame it's a userland process as it's otherwise a very good NAT \
implementation.

David


intY has scanned this email for all known viruses (www.inty.com)


[prev in list] [next in list] [prev in thread] [next in thread]