From: Willem Brown
To: Glenn Johnson
Cc: Dan O'Connor, questions@FreeBSD.ORG
Date: Sun, 18 Jun 2000 10:40:30 +0200
Subject: Re: ppp filter to allow fetch traffic
Message-ID: <20000618104030.A12329@snoopy.brwn.org>
References: <085801bfd750$5d5a0780$0200000a@danco> <20000617225738.A1507@gforce.johnson.home>
In-Reply-To: <20000617225738.A1507@gforce.johnson.home>; from glennpj@bayouhome.net on Sat, Jun 17, 2000 at 10:57:38PM -0500

Hi,

If you're using passive FTP then it won't work. Try turning passive ftp off.

Regards
Willem Brown

On Sat, Jun 17, 2000 at 10:57:38PM -0500, Glenn Johnson wrote:
> On Thu, Jun 15, 2000 at 10:04:34PM -0700, Dan O'Connor wrote:
>
> > >I have been setting up filters in ppp to only allow certain
> > >traffic. I would like to allow fetch traffic so I can build
> > >ports. Without any filters, fetch works fine, but when I add filters
> > >it does not. I have filters to allow FTP traffic and that works fine
> > >but not fetch.
> > >
> > >What are the filter entries necessary to allow fetch traffic out the
> > >ppp link?
> >
> > I never had any problems with 'fetch' using the following filters:
> >
> > set filter in 1 permit tcp src eq 20 dst gt 1023
> > set filter out 1 permit tcp dst eq 20
> > set filter in 2 permit tcp src eq 21 estab
> > set filter out 2 permit tcp dst eq 21
>
> I have those filters in ppp.conf. If the URL is of the form
> http://some.server.com/somefile, then fetch works; if the URL is of
> the form ftp://some.server.com/somefile, then fetch does not work. If
> I remove all of the filters below then fetch ftp works. This makes no
> sense to me because the ftp program itself works fine when the filters
> below are present.
>
> set filter in 0 permit udp src eq 53
> set filter in 1 permit udp src eq 123
> set filter in 2 permit tcp src eq 5999 estab
> set filter in 3 permit tcp src eq 22 estab
> set filter in 4 permit tcp src eq 110 estab
> set filter in 5 permit tcp src eq 25 estab
> set filter in 6 permit tcp src eq 21 estab
> set filter in 7 permit tcp src eq 20 dst gt 1023
> set filter in 8 permit tcp src eq 80
> set filter in 9 permit tcp dst eq 3128
>
> set filter out 0 permit udp dst eq 53
> set filter out 1 permit udp dst eq 123
> set filter out 2 permit tcp dst eq 5999
> set filter out 3 permit tcp dst eq 22
> set filter out 4 permit tcp dst eq 80
> set filter out 5 permit tcp dst eq 110
> set filter out 6 permit tcp dst eq 25
> set filter out 7 permit tcp dst eq 21
> set filter out 8 permit tcp dst eq 20
> set filter out 9 permit tcp src eq 3128
>
> --
> Glenn Johnson
> glennpj@bayouhome.net

--
/* Linux, FreeBSD, NetBSD, OpenBSD. The choice is yours. */

"I think it is true for all n. I was just playing it safe with n >= 3
because I couldn't remember the proof." -- Baker, Pure Math 351a

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
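
Added example, not part of the original thread: a small Python model that runs the FTP data connection through Glenn's quoted ruleset in active and in passive mode. It assumes first-match-wins evaluation, a default drop when no rule matches, and that `estab` means the TCP ACK flag is set; the client port 40000 and passive server port 50000 are constructed sample values.

```python
import re

# Glenn's rules as quoted in the thread ("set filter" prefix dropped for brevity).
RULES = """\
in 0 permit udp src eq 53
in 1 permit udp src eq 123
in 2 permit tcp src eq 5999 estab
in 3 permit tcp src eq 22 estab
in 4 permit tcp src eq 110 estab
in 5 permit tcp src eq 25 estab
in 6 permit tcp src eq 21 estab
in 7 permit tcp src eq 20 dst gt 1023
in 8 permit tcp src eq 80
in 9 permit tcp dst eq 3128
out 0 permit udp dst eq 53
out 1 permit udp dst eq 123
out 2 permit tcp dst eq 5999
out 3 permit tcp dst eq 22
out 4 permit tcp dst eq 80
out 5 permit tcp dst eq 110
out 6 permit tcp dst eq 25
out 7 permit tcp dst eq 21
out 8 permit tcp dst eq 20
out 9 permit tcp src eq 3128
"""
CMP = {"eq": lambda a, b: a == b, "gt": lambda a, b: a > b, "lt": lambda a, b: a < b}

def verdict(direction, proto, src, dst, ack=False):
    """Assumed model: first matching rule wins, no match means the packet is dropped."""
    for line in RULES.splitlines():
        d, _num, action, p, *tests = line.split()
        if d != direction or p != proto:
            continue
        ports = {"src": src, "dst": dst}
        conds = re.findall(r"(src|dst) (eq|gt|lt) (\d+)", line)
        ports_ok = all(CMP[op](ports[f], int(n)) for f, op, n in conds)
        if ports_ok and (ack or "estab" not in tests):  # estab: ACK flag must be set
            return action
    return "deny"

def ftp_data_channel(mode, client=40000, passive_port=50000):
    """Verdicts for the opening SYN and the SYN+ACK reply of the FTP data connection."""
    if mode == "active":  # server connects from port 20 to the client's high port
        return (verdict("in", "tcp", 20, client),
                verdict("out", "tcp", client, 20, ack=True))
    # passive: client connects out to a high port chosen by the server
    return (verdict("out", "tcp", client, passive_port),
            verdict("in", "tcp", passive_port, client, ack=True))
```

Under these assumptions the active-mode data connection matches `in 7` and `out 8`, while the passive-mode data connection matches no rule in either direction, which is consistent with Willem's diagnosis.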