[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: [Fwbuilder-discussion] Re: Support for newer IPFilter proxies
From:       Darren Reed <darrenr () reed ! wattle ! id ! au>
Date:       2005-10-04 14:30:30
Message-ID: 200510041430.j94EUUQU001612 () firewall ! reed ! wattle ! id ! au
[Download RAW message or body]

> > I looked at the new proxies in 4.1.9. Is there any documentation on  
> > this stuff ?

Their use is part of ipnat.

> > All I could find was one-liner in the rpcbind proxy  
> > source code. All others come with no examples or description  
> > whatsoever, or so it seems. Did I miss it ?
 
The rpcbind proxy shouldn't be supported.

> > These proxies are not 100% obvious. For example, I thought one uses  
> > pptp proxy to handle pptp control connection (tcp port 1723), but  
> > what about GRE ? However, after looking at ip_pptp_pxy.c, it seems it  
> > is the other way around, that is this proxy handles GRE and not tcp  
> > 1723.

The PPTP proxy follows the TCP connection and automatically allows
through the right GRE packets.

Use is like this:
map pcn1 0/0 -> 0/0 proxy port 1723 pptp/tcp

> > Do I need to make any changes to support ftp EPSV proxy ?

No.

> > At the  
> > first glance it seems the proxy itself has been modified to support  
> > EPSV and I do not need to make any changes as ipfilter command syntax  
> > for it remains the same.

Correct.

Darren
[prev in list] [next in list] [prev in thread] [next in thread]