tech-net: Re: ipfilter changes in 1.4.2

Subject: Re: ipfilter changes in 1.4.2
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-net
Date: 04/27/2000 02:27:22

In some email I received from Manuel Bouyer, sie wrote:
> On Thu, Apr 27, 2000 at 12:19:41AM +1000, Darren Reed wrote:
> > [...]
> > 
> > Hmm.  If you do "ipnat -l" whilst the ftp session is "open", you
> > see entries besides the rules, correct ?
> 
> Yes: I have a ftp session running between 132.227.63.133 and 132.227.74.11
> (no data transfer runnings, but I did a 'dir' in passive mode).
> 
> List of active MAP/Redirect filters:
> map ex0 132.227.63.0/24  -> 132.227.78.1/32  proxy port ftp ftp/tcp
> map ex0 132.227.103.0/24  -> 132.227.78.1/32  proxy port ftp ftp/tcp
> 
> List of active sessions:
> MAP 132.227.63.133  65227 <- -> 132.227.78.1    65227 [132.227.74.11 57149]
> MAP 132.227.63.133  65228 <- -> 132.227.78.1    65228 [132.227.74.11 21]
> 	proxy ftp/6 use 2 flags 0
> 		proto 6 flags 0 bytes 4674 pkts 30 data 0x0 psiz 0

If you do "ipfstat -s" you should be able to find an entry to match both of
the above.

Darren