From a developer's point of view, what is the best technique for
building such a proxy: a userland proxy, or some special pf code? My feeling is that userland proxies are better suited for application-level protocols (HTTP, FTP...) and in-kernel code is better suited for lower-level protocols (TCP, UDP, IP, ICMP, GRE...). What are the differences between OpenBSD ftp-proxy and IPTables ftp_conn_track.o? What's the best design?

Best regards,
Bruno.

2006/5/10, Luiz Souza <[EMAIL PROTECTED]>:
Bruno Carnazzi wrote:
> 2006/5/10, Damian Gerow <[EMAIL PROTECTED]>:
>> Thus spake Bruno Carnazzi ([EMAIL PROTECTED]) [10/05/06 01:37]:
>> : My home PF NATing gateway routes just one PPTP tunnel (for my laptop),
>> : and I don't need any special thing for it to work (GRE enabled via sysctl
>> : and pf must pass GRE proto). Is there a special case when you have
>> : multiple PPTP (GRE) tunnels that need proxying?
>>
>> In theory, so long as there is only one given client on the LAN connecting
>> to a given PPTP endpoint on the 'Net, I can handle it all using standard PF
>> syntax. My problem is that I have two clients on the LAN that wish to
>> connect to the same endpoint -- that, AFAIK, requires a proxy.
>
> That's my first question: why the need for a proxy for a network level
> protocol?
>
> Bruno.
>
>>
>> - Damian
>
Because GRE needs some _special_ processing on the NAT box and the pf NAT engine does not support this, so a proxy is really needed.

luiz
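
The two-clients-one-endpoint case from the thread, as an added example that is not code from any poster, pf, or ftp-proxy: inbound GRE carries no ports, so a lookup on the remote address alone is ambiguous, while the Call ID in PPTP's enhanced GRE header (RFC 2637) tells the calls apart. The struct, function names, addresses and packets are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define GRE_PROTO_PPTP 0x880B /* protocol type of PPTP's enhanced GRE (RFC 2637) */
/* One tracked call: which LAN client owns which Call ID toward a server. */
struct pptp_call { uint32_t server; uint16_t call_id; uint32_t client; };

/* Constructed sample state: two LAN clients, same PPTP server (198.51.100.10). */
#define SERVER 0xC633640Au
const struct pptp_call calls[] = {
    { SERVER, 1, 0xC0A8010Au },  /* 192.168.1.10 */
    { SERVER, 2, 0xC0A8010Bu },  /* 192.168.1.11 */
};
/* Constructed inbound ack-only GRE packets (K and A set, version 1). */
const uint8_t pkt_a[] = { 0x20, 0x81, 0x88, 0x0B, 0, 0, 0x00, 0x01, 0, 0, 0, 5 };
const uint8_t pkt_b[] = { 0x20, 0x81, 0x88, 0x0B, 0, 0, 0x00, 0x02, 0, 0, 0, 9 };

/* Return the Call ID of an enhanced GRE header, or -1 if it is not PPTP GRE. */
int gre_call_id(const uint8_t *p, size_t len)
{
    if (len < 8 || !(p[0] & 0x20) || (p[1] & 0x07) != 1)
        return -1;                       /* too short, no Key, or not version 1 */
    if (((p[2] << 8) | p[3]) != GRE_PROTO_PPTP)
        return -1;
    return (p[6] << 8) | p[7];           /* low 16 bits of the Key field */
}

/* Port-less NAT lookup on the remote address; 0 if none or ambiguous. */
uint32_t lookup_by_server(const struct pptp_call *t, size_t n, uint32_t server)
{
    uint32_t hit = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i].server != server) continue;
        if (hit && hit != t[i].client) return 0;   /* two clients, one endpoint */
        hit = t[i].client;
    }
    return hit;
}

/* Proxy-style lookup: demultiplex on (server, Call ID) from the GRE header. */
uint32_t lookup_by_call(const struct pptp_call *t, size_t n, uint32_t server,
                        const uint8_t *pkt, size_t len)
{
    int id = gre_call_id(pkt, len);
    for (size_t i = 0; id >= 0 && i < n; i++)
        if (t[i].server == server && t[i].call_id == id)
            return t[i].client;
    return 0;
}
```

The table here is filled in by hand; a real proxy has to learn the Call IDs from the PPTP control connection on TCP port 1723, and rewrite them when two clients pick the same value.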