On Thu, Dec 07, 2000 at 08:52:29PM -0500, Marcus J. Ranum wrote:
> Can't do it without operating system mods to the underlying
> host. The FTP protocol is so wretched that it's basically
> impossible to proxy transparently.
Actually good operating Systems support quite good functionality for doing
that. Look at Linux' transparent Proxy Feature where you can actually
redirect any traffic to a local daemon and you can bind to actually and
port/ip combination. That way you can handle the control connection in
userspace and set up static NAT entries for the permitted Data Connections.
Or you can even run them through a content filter.
I think BSDs have the same Feature?
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
