[geeks] ipfilter question - was:DHCP silliness
David Cantrell
geeks at sunhelp.org
Sun Nov 25 14:10:57 CST 2001
On Sun, Nov 25, 2001 at 01:11:12PM -0500, dave at cca.org wrote:
> jdboyd at cs.millersville.edu writes:
> >Hmm. Looking for information on what pasv means, I find that it appears that
> >Linux's ip_masq can be set to eavesdrop on ftp connections to allow normal
> >mode to work. I bet that NetBSD can do the same thing, whenever I get it
> >set up for NAT. I wonder how I set Mozilla and IE to pasv mode in the
> >meantime...
> Snooping on ftp connections to "fix" that is insane. I don't want
> my firewall being a wiseass about what's really hidden.
I wouldn't want it doing that without my telling it to either. I had to
specifically enable that functionality by insmodding ip_masq_ftp. I don't
want to have to bother with trying to remember whether to use pasv mode or
not, so I just make it work regardless.
You're quite right to think that the firewall understanding application-
layer protocols is a Bad Thing. I consider that the cause of the problem
is the ftp protocol having been designed in a crack-addled haze.
--
David Cantrell | david at cantrell.org.uk | http://www.cantrell.org.uk/david
Blessed are the pessimists, for they test their backups
-- anon
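
Added example, not part of the original message and not taken from the ip_masq_ftp source: a Python sketch of what an FTP-aware NAT helper has to do with an active-mode PORT command (RFC 959), which is why making "normal mode" work means the firewall parses an application-layer protocol. The addresses, port 40000 and all function names are constructed for illustration.

```python
import re

# FTP active mode: the client sends "PORT h1,h2,h3,h4,p1,p2" (RFC 959),
# naming the address and port the server should connect back to.
PORT_RE = re.compile(rb"^PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n$")


def parse_port(line):
    """Return (ip, port) from a PORT command line, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def build_port(ip, port):
    """Encode (ip, port) back into a PORT command line."""
    return b"PORT %s,%d,%d\r\n" % (ip.replace(".", ",").encode(), port >> 8, port & 0xFF)


def nat_rewrite(line, client_ip, public_ip, alloc_port):
    """Handle one control-channel line the way an FTP-aware NAT helper must.

    Returns (line_to_forward, mapping, length_delta). mapping is
    (public_port, inside_ip, inside_port) for the expected inbound data
    connection, or None when the line is passed through untouched.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None, 0
    ip, port = parsed
    # Only honour a PORT naming the control connection's own source address,
    # so the helper never opens a mapping towards a different inside host.
    if ip != client_ip:
        return line, None, 0
    public_port = alloc_port()
    new_line = build_port(public_ip, public_port)
    # A changed length means later TCP sequence numbers must be adjusted too.
    return new_line, (public_port, ip, port), len(new_line) - len(line)


if __name__ == "__main__":
    # Constructed sample: inside client 192.168.1.10, NAT public address 203.0.113.5
    sample = b"PORT 192,168,1,10,4,1\r\n"
    print(nat_rewrite(sample, "192.168.1.10", "203.0.113.5", lambda: 40000))
```

In passive mode the client opens the data connection outbound itself, so no PORT line crosses the NAT and none of this rewriting is needed.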