Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
bit.listserv.openbsd-pf
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
What's the progress of in-kernel proxy for pf NAT?
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   3 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Henning Brauer  
View profile  
 More options Jul 23, 11:13 pm
Newsgroups: bit.listserv.openbsd-pf
From: lists-open...@bsws.de (Henning Brauer)
Date: 23 Jul 2009 06:13:57 -0700
Local: Thurs, Jul 23 2009 11:13 pm
Subject: Re: What's the progress of in-kernel proxy for pf NAT?
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
* hu st <hust...@yahoo.com> [2009-07-23 12:35]:

> Hi listers,

> I found many in-kernel proxy resources in ipfilter package(ip_fil4.1.32), such
> as ftp/pptp/h323/netbios/irc/rpc etc.
> Could these code be used by pf?

pf purposefully does not use in-kernel proxies. wrong design.

> AFAIK pf has only a ftp-proxy anchor.

it has userland helpers for the most relevant protocols.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
hu st  
View profile  
 More options Jul 23, 11:17 pm
Newsgroups: bit.listserv.openbsd-pf
From: hust...@yahoo.com (hu st)
Date: 23 Jul 2009 06:17:35 -0700
Local: Thurs, Jul 23 2009 11:17 pm
Subject: What's the progress of in-kernel proxy for pf NAT?
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

Hi listers,
 
I found many in-kernel proxy resources in ipfilter package(ip_fil4.1.32), such as ftp/pptp/h323/netbios/irc/rpc etc. 
Could these code be used by pf?
AFAIK pf has only a ftp-proxy anchor.
Another question: Could pf intercept SQL*Net traffic and dynamically open ports for new connection? please refer http://seclists.org/firewall-wizards/2009/Jan/0007.html.
 
TIA
 
frank
regards,


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Karl O. Pinc  
View profile  
 More options Jul 24, 3:01 am
Newsgroups: bit.listserv.openbsd-pf
From: k...@meme.com (Karl O. Pinc)
Date: 23 Jul 2009 10:01:24 -0700
Local: Fri, Jul 24 2009 3:01 am
Subject: Re: What's the progress of in-kernel proxy for pf NAT?
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

On 07/23/2009 05:52:38 AM, Henning Brauer wrote:

> * hu st <hust...@yahoo.com> [2009-07-23 12:35]:
> > AFAIK pf has only a ftp-proxy anchor.

> it has userland helpers for the most relevant protocols.

Is there a list of these anywhere?  ftp-proxy is the only
one that comes to mind, of those where the protocol is
stupid and utilizes multiple connections/ports.  Other
proxies, as for http, can be implemented entirely in
userspace.

I'm not sure but I believe that SIP is also bad this way.
Is there a SIP proxy?  Are there other "bad" protocols
that require things like anchor updates?

Karl <k...@meme.com>
Free Software:  "You don't pay back, you pay forward."
                  -- Robert A. Heinlein


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google