Date: Wed, 18 Apr 2001 14:44:30 -0700
From: "JannaDanRich" <house@lvcm.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: IPFILTER and 502 port command errors with FTP
Message-ID: <00c801c0c850$c077cef0$1616160a@neoone>
I have a gateway box on which I am using 4.3rc3, and the kernel is compiled with IPFILTER .. and DEFAULT_BLOCK. My ruleset is simple for the moment: three pass out quick keep state rules for proto udp, tcp, icmp, with some drop all short and specific logs for smurf attacks etc .. since at the moment I have no services to the outside world, that is pretty much it.

Every time my roommate tries to access ftp, he gets a 502 error; this is both in Win2k .. and on his G4 PowerBook with OS X .. my RedHat box works great in passive, but my BSD will not?

The first thing I have tried is copying the rulesets over to a different file, and using only

pass in quick all from any to any
pass out quick all from any to any

No go; I even rebooted, just to verify to myself that these rulesets were in fact loaded .. still the same error.

I did read somewhere that ipnat could not read from the drive when the kern security level was set to 2 ..

I also found information that IPFILTER couldn't handle the frag packets associated with FTP .. (this seemed to be a much older version)

I was hoping that someone may have experienced this problem or something similar and could advise .. should I ditch IPFILTER and use IPFW and natd? That worked great on a prior setup with an older machine, but I never familiarized myself with IPFW rulesets.

Thanks
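Added illustration, not part of the original post or of any reply to it: the usual reason an FTP client behind a NAT gateway gets its PORT command rejected is that, in active mode, the client advertises its own private address inside the PORT command, and the server cannot connect back to it unless the gateway rewrites the command (with IP Filter that job belongs to the ipnat FTP proxy; whether that is what the poster's setup lacks is an assumption here). The script below parses a PORT command as defined in RFC 959, flags an advertised RFC 1918 address that differs from the source the server actually sees, and shows the rewritten command an FTP-aware NAT helper would forward instead. All addresses are constructed sample values.

```python
"""Parse and check FTP PORT commands as an FTP-aware NAT helper must.

Constructed example; the addresses below are sample values, not from the
original message.  The PORT command encodes the client's data-connection
endpoint as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2 (RFC 959).
"""
import ipaddress
import re
from typing import Dict, Optional, Tuple

PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$"
)

# RFC 1918 address space: an FTP server on the Internet cannot reach these.
RFC1918 = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def parse_port_command(line: str) -> Tuple[str, int]:
    """Return the (ip, port) a client advertises in an FTP PORT command."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a valid PORT command: {line!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"octet out of range in PORT command: {line!r}")
    ip = ".".join(str(o) for o in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("port 0 cannot be used for a data connection")
    return ip, port


def is_rfc1918(ip: str) -> bool:
    """True if ip lies in one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def check_port_command(line: str, observed_src: str) -> Dict[str, object]:
    """Compare the advertised data endpoint with the source the server sees.

    observed_src is the address the control connection arrives from (the
    gateway's public address when the client is behind NAT).  A mismatch
    means the server's active-mode data connection would go to an address
    that is not the client, which is exactly what an FTP NAT proxy fixes.
    """
    ip, port = parse_port_command(line)
    return {
        "advertised": (ip, port),
        "observed": observed_src,
        "rfc1918": is_rfc1918(ip),
        "needs_nat_rewrite": ip != observed_src,
    }


def rewrite_port_command(line: str, public_ip: str,
                         public_port: Optional[int] = None) -> str:
    """Build the PORT command a NAT helper would forward to the server.

    The helper substitutes the gateway's public address, and optionally a
    port it has mapped, so that the server's data connection lands on the
    gateway and can be forwarded to the client.  Tracking that mapping is
    the helper's job and is outside the scope of this example.
    """
    _, port = parse_port_command(line)
    if public_port is None:
        public_port = port
    octets = public_ip.split(".")
    return f"PORT {','.join(octets)},{public_port // 256},{public_port % 256}"


if __name__ == "__main__":
    # Constructed scenario: client 10.22.22.22 behind a gateway whose
    # public address is 198.51.100.7 (documentation range, sample value).
    client_cmd = "PORT 10,22,22,22,4,1"
    result = check_port_command(client_cmd, "198.51.100.7")
    print("client sent:      ", client_cmd)
    print("server would see: ", result)
    print("helper forwards:  ", rewrite_port_command(client_cmd, "198.51.100.7"))
```

Run as-is to see the mismatch report for the constructed client; a PORT command whose address already equals the observed source, as from a host with a routable address, is reported as needing no rewrite.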