* Julien Bordet <[EMAIL PROTECTED]> [2004-03-01 23:31]:
> Henning Brauer wrote:
> >* Julien Bordet <[EMAIL PROTECTED]> [2004-03-01 21:35]:
> >>However, when one does bridge traffic shaping, this is not the same thing
> >>at all: proxifying means that you are not bridging any more, using an IP
> >>address for the bridge, and so on. I really think it is a very dirty
> >>solution. The kernel space solution here is much cleaner, as it is
> >>transparent for the firewall administrator.
> >you are so wrong.
> >doing this kind of proxying in-kernel is just plain wrong, 
> >and error-prone.
> In fact, even if it does not really matter to you in fact, I'm not 
> talking about a kernel "proxy" here. I'm talking about something smart 
> enough to tag packets "related" and so to "pass" them.

that is a proxy in my eyes.
in any case this shares the problems with ipf's in kernel proxy and 
linux' netfilter gunk.
a bugtraq archive near you shows them they are somewhat popular there.

> Yet, I'm talking about a feature we need. Bridging with a certain 
> "understanding" of the FTP protocol is clearly needed.

nah

> And yes FTP is a 
> crappy protocol. I'm not an I-want-everything-in-the-kernel guy, I'd
> like a solution.

you have a solution. it is called ftp-proxy.

-- 
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
