Date: Tue, 29 May 2007 18:29:04 +0800
From: zhouyi zhou <zhouzhouyi@ercist.iscas.ac.cn>
To: "Abdullah Ibn Hamad Al-Marri" <almarrie@gmail.com>
Cc: volker@vwsoft.com, freebsd-pf@freebsd.org
Subject: Re: have anyone configured "synproxy state" beforce
Message-ID: <20070529182904.0ff69667.zhouzhouyi@ercist.iscas.ac.cn>
In-Reply-To: <499c70c0705290310r125510f3ibba97895bcd105c9@mail.gmail.com>
References: <007001c7a122$38fd41b0$1c024dd2@iosdf17a8152bc> <465BED72.6090100@vwsoft.com> <20070529171917.23c348f6.zhouzhouyi@ercist.iscas.ac.cn> <499c70c0705290310r125510f3ibba97895bcd105c9@mail.gmail.com>

It is state and surely not stat\e, sorry for the error :-)

On Tue, 29 May 2007 13:10:11 +0300
"Abdullah Ibn Hamad Al-Marri" <almarrie@gmail.com> wrote:

> On 5/29/07, zhouyi zhou <zhouzhouyi@ercist.iscas.ac.cn> wrote:
> > Dear Mr. Volker
> > Thank you very much
> > Zelest persuaded me to add a "set skip on lo0".
> > That becomes:
> > set skip on lo0
> > pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy stat\e
> > Sincerely yours
> > Zhouyi Zhou
> > On Tue, 29 May 2007 11:08:02 +0200
> > Volker <volker@vwsoft.com> wrote:
> >
> > > On 05/28/07 14:17, Zhouyi Zhou wrote:
> > > > hi everyone (in particular Max :-))
> > > > The configuration line in my pf.conf is:
> > > > pass in quick on lo0 proto tcp from any to any port 21 flags S/SA synproxy
> > > > state
> > > >
> > > > But:
> > > > the connection is established, but the control did not seem to pass to the
> > > > ftpd
> > > > Sincerely yours
> > > > Zhouyi Zhou
> > >
> > > Zhouyi,
> > >
> > > security@ is the wrong mailing list. Please post questions like this
> > > to pf@.
> > >
> > > I'm wondering where this traffic originates? You're using interface
> > > lo0 which will (most likely) be used for traffic on the local machine
> > > but you should not find much traffic on that interface from other hosts.
> > >
> > > As you're using 21/tcp I assume you're playing with ftp traffic. Ftp
> > > is not just using that single (control) port but a pair of 21/tcp and
> > > a dynamically allocated port. You have to pass that traffic, too, or
> > > otherwise no data communication will be established. Also it is most
> > > likely that you will have to use an FTP proxy.
> > >
> > > I suspect your whole problem is really not synproxy related.
> > >
> > > HTH
> > >
> > > Volker
> > >
> > >
> > > > (Sorry for the previously base64-encoded mail caused by M$ outlook)
> > > PS: FreeBSD is also great for workstations! :)
>
> Please make sure you fix the typos in your rule; it's state and not stat\e
>
> pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy state
>
> As for Volker, he is a real helpful guy, thank you Volker :)
>
>
> --
> Regards,
>
> -Abdullah Ibn Hamad Al-Marri
> Arab Portal
> http://www.WeArab.Net/
>
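
Added example, not part of the original messages and not any poster's own ruleset: a pf.conf fragment that puts the advice from this thread together (skip lo0, synproxy on the external interface, and pass the FTP data connections as well as the control port). The interface rl0 comes from the thread; the default block policy, the macro names and the passive port range are assumptions to adapt to the local ftpd.

```pf
# Constructed example pf.conf fragment (assumptions are marked).

ext_if   = "rl0"            # external interface named in the thread
ftp_pasv = "49152:65535"    # ASSUMED passive data port range; match your ftpd

# Original rule from the thread, bound to loopback, where traffic from
# other hosts is not expected:
#   pass in quick on lo0 proto tcp from any to any port 21 flags S/SA synproxy state

# Do not filter loopback at all (the "set skip on lo0" from the thread).
set skip on lo0

# ASSUMED default policy for this example: drop unsolicited inbound traffic.
block in on $ext_if

# FTP control channel. With synproxy state, pf completes the TCP handshake
# with the client itself before opening the connection to ftpd.
pass in quick on $ext_if proto tcp from any to ($ext_if) port 21 \
    flags S/SA synproxy state

# Passive-mode data channel: clients connect to a dynamically allocated
# port on the server, so that range has to be passed too.
pass in quick on $ext_if proto tcp from any to ($ext_if) port $ftp_pasv \
    flags S/SA keep state

# Active-mode data channel: the server connects back to the client
# from port 20.
pass out quick on $ext_if proto tcp from ($ext_if) port 20 to any \
    flags S/SA keep state
```

The fragment can be syntax-checked without loading it by running pfctl -nf on the file.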