On 07/01/2007 12:53:59 PM, Camiel Dobbelaar wrote:
On Sun, 1 Jul 2007, Karl O. Pinc wrote:
> The basic idea is to modify ftp-proxy so it adds binat
> rules to it's anchors.
You cannot use port in binat rules, so that would not work.
I think this problem can only be fixed in pf itself, by not
prioritizing
binat and just use the order in which all NAT rules are configured.
Changing binat so that you _can_ use port in a binat rule
would do it too. It'd be kind of silly, turning binat into a
nat with a higher pf priority, but would allow this issue
to be addressed in ftp-proxy. Less sensible than eliminating
the binat>nat pf priority, but more backwardly compatible.
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
