Date: Wed, 18 Apr 2001 14:44:30 -0700 From: "JannaDanRich" <house@lvcm.com> To: <freebsd-questions@FreeBSD.ORG> Subject: IPFILTER and 502 port command errors with FTP Message-ID: <00c801c0c850$c077cef0$1616160a@neoone>
I have a gateway box on which I am using 4.3rc3, and the kernel is compiled with IPFILTER and DEFAULT_BLOCK. My ruleset is simple for the moment: three "pass out quick ... keep state" rules for proto udp, tcp and icmp, with some "drop all short" and specific log rules for smurf attacks etc. Since at the moment I have no services to the outside world, that is pretty much it.

Every time my roommate tries to access FTP, he gets a 502 error. This is both in Win2k and on his G4 PowerBook with OS X. My RedHat box works great in passive, but my BSD will not?

The first thing I have tried is copying the rulesets over to a different file and using only

    pass in quick all from any to any
    pass out quick all from any to any

No go. I even rebooted, just to verify to myself that these rulesets were in fact loaded; still the same error.

I did read somewhere that ipnat could not read from the drive when the kern security level was set to 2.

I also found information that IPFILTER couldn't handle the frag packets associated with FTP (this seemed to be a much older version).

I was hoping that someone may have experienced this problem or similar and could advise. Should I ditch IPFILTER and use IPFW and natd? That worked great on a prior setup with an older machine, but I never familiarized myself with IPFW rulesets.

Thanks
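For readers who land here with the same symptom, the following is an added example (not part of the original message, and not a fix the thread itself states) of the two configuration files a stateful ipfilter NAT gateway of this era typically needs so that active-mode FTP survives address translation: ipnat's built-in `ftp` proxy rewrites the client's PORT command and admits the server's inbound data connection, and with DEFAULT_BLOCK the inside interface needs explicit pass rules of its own. The outside interface `fxp0`, the inside interface `xl0` and the internal network `10.0.0.0/8` are assumptions.

```conf
# /etc/ipnat.conf  (assumed: outside interface fxp0, LAN 10.0.0.0/8)
# The ftp proxy must precede the generic map rules so that FTP control
# sessions are matched by it first; port 21 traffic then has its PORT
# command rewritten and the returning data connection is let in.
map fxp0 10.0.0.0/8 -> 0/32 proxy port ftp ftp/tcp
map fxp0 10.0.0.0/8 -> 0/32 portmap tcp/udp 10000:20000
map fxp0 10.0.0.0/8 -> 0/32

# /etc/ipf.rules  (assumed: inside interface xl0, outside interface fxp0)
# Inside interface: with DEFAULT_BLOCK nothing passes unless listed, so
# trust the LAN side explicitly.
pass in quick on xl0 all
pass out quick on xl0 all

# Outside interface: drop and log fragments/short packets, then allow only
# sessions the gateway or LAN initiated; replies are admitted by state.
block in log quick on fxp0 all with short
pass out quick on fxp0 proto tcp from any to any flags S keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# Default deny with logging on the outside interface (last-match semantics:
# these catch whatever the quick rules above did not).
block in log on fxp0 all
block out log on fxp0 all
```

Load them with `ipnat -CF -f /etc/ipnat.conf` and `ipf -Fa -f /etc/ipf.rules`; `ipnat -l` should then list the ftp proxy mapping, and `ipfstat -io` the loaded filter rules. A quick check that the proxy is doing its job is to watch an active-mode transfer while `ipmon` logs state: without the proxy rule the server sees a PORT command carrying a private 10.x address it cannot reach, which is the classic cause of an FTP control-channel error on a NAT gateway.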
