Subject: Re: ipfilter changes in 1.4.2
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-net
Date: 04/26/2000 16:11:44
On Tue, Apr 25, 2000 at 05:42:21PM +1000, Darren Reed wrote:
> If you're using the ipfilter proxy for ftp/rcmd, then it will
> automatically add the correct state information.
> 

It doesn't seem to work for me under 1.4.2.
Maybe the problem is that I don't use NAT, but only the ftp proxy?
My /etc/ipnat.conf is:
map ex0 132.227.63.0/24 -> asim-gw/32 proxy port ftp ftp/tcp
map ex0 132.227.103.0/24 -> asim-gw/32 proxy port ftp ftp/tcp

The incoming ftp-data connection is blocked by my ipf.conf rule (according
to the logs):
block return-rst in log quick proto tcp from any to any flags S/SA group 110

This part of ipf.conf is pretty standard I guess, it looks like:
block return-icmp in quick from any to 132.227.63.0/24 head 110
block return-rst in log quick proto tcp from any to any flags S/SA group 110
pass in quick proto tcp from any to any group 110

Any idea of what's missing?

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--