Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 18 Jun 2000 10:40:30 +0200
From:      Willem Brown <willem@brwn.org>
To:        Glenn Johnson <glennpj@bayouhome.net>
Cc:        Dan O'Connor <dan@mostgraveconcern.com>, questions@FreeBSD.ORG
Subject:   Re: ppp filter to allow fetch traffic
Message-ID:  <20000618104030.A12329@snoopy.brwn.org>
In-Reply-To: <20000617225738.A1507@gforce.johnson.home>; from glennpj@bayouhome.net on Sat, Jun 17, 2000 at 10:57:38PM -0500
References:  <085801bfd750$5d5a0780$0200000a@danco> <20000617225738.A1507@gforce.johnson.home>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi,

If your using passive FTP then it won't work. Try turning passive
ftp off.

Regards
Willem Brown

On Sat, Jun 17, 2000 at 10:57:38PM -0500, Glenn Johnson wrote:
> On Thu, Jun 15, 2000 at 10:04:34PM -0700, Dan O'Connor wrote:
>=20
> > >I have been setting up filters in ppp to only allow certain
> > >traffic. I would like to allow fetch traffic so I can build
> > >ports. Without any filters, fetch works fine, but when I add filters
> > >it does not. I have filters to allow FTP traffic and that works fine
> > >but not fetch.
> > >
> > >What are the filter entries necessary to allow fetch traffic out the
> > >ppp link?
> >=20
> >=20
> > I never had any problems with 'fetch' using the following filters:
> >=20
> >  set filter in   1 permit tcp src eq 20 dst gt 1023
> >  set filter out  1 permit tcp dst eq 20
> >  set filter in   2 permit tcp src eq 21 estab
> >  set filter out  2 permit tcp dst eq 21
>=20
> I have those filters in ppp.conf. If the URL is of the form
> http://some.server.com/somefile, then fetch works; if the URL is of
> the form ftp://some.server.com/somefile, then fetch does not work. If
> I remove all of the filters below then fetch ftp works. This makes no
> sense to me because the ftp program itself works fine when the filters
> below are present.
>=20
>  set filter in 0 permit udp src eq 53
>  set filter in 1 permit udp src eq 123
>  set filter in 2 permit tcp src eq 5999 estab
>  set filter in 3 permit tcp src eq 22 estab
>  set filter in 4 permit tcp src eq 110 estab
>  set filter in 5 permit tcp src eq 25 estab
>  set filter in 6 permit tcp src eq 21 estab
>  set filter in 7 permit tcp src eq 20 dst gt 1023
>  set filter in 8 permit tcp src eq 80
>  set filter in 9 permit tcp dst eq 3128
>=20
>  set filter out 0 permit udp dst eq 53
>  set filter out 1 permit udp dst eq 123
>  set filter out 2 permit tcp dst eq 5999
>  set filter out 3 permit tcp dst eq 22
>  set filter out 4 permit tcp dst eq 80
>  set filter out 5 permit tcp dst eq 110
>  set filter out 6 permit tcp dst eq 25
>  set filter out 7 permit tcp dst eq 21
>  set filter out 8 permit tcp dst eq 20
>  set filter out 9 permit tcp src eq 3128
>=20
> --=20
> Glenn Johnson
> glennpj@bayouhome.net
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>=20

--=20
 /* =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D */
 /*      Linux, FreeBSD, NetBSD, OpenBSD. The choice is yours.      */
 /* =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D */

"I think it is true for all _=08n. I was just playing it safe with _=08n >=
=3D 3
because I couldn't remember the proof."
		-- Baker, Pure Math 351a


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000618104030.A12329>