Re: ftp-proxy's inability to proxy using arbitrary source ip addresses
> Let's say 64.1.1.1 is part of a /29. The router routes the entire /29 to
> the firewall, which routes it to a network of machines on the inside. It
> would be impossible to actually number the outside interface 64.1.1.1 and
> at the same time route the /29 to the other side. You could break up the
> /29, but then you would have significantly less useable addresses.
Ah. Now I understand WHY you configured things as you did,
but I think it's very wrong.
This is screaming for a transparent (bridging) firewall.
NAT shouldn't even be necessary here.
-kj