Date: Wed, 23 Jan 2002 22:18:47 -0600
From: "Mario Doria" <madd@tecdigital.net>
To: <questions@freebsd.org>
Cc: <ipfilter@cairo.anu.edu.au>
Subject: IPF Dropping connections in the middle of a transfer
Message-ID: <003b01c1a48e$39fabed0$0a00a8c0@Deathstar>

Hello,

I'm looking for some help regarding my IPFilter ruleset; as far as I can tell, it looks OK. The problem is that some remote users, when transferring files with sftp, suddenly lose the connection to the server. In other cases, when transferring files via FTP (using the Windows client leechFTP), the connection times out randomly (always before the timeout in leechFTP). On both occasions, I haven't been able to reproduce the problem.

I hope someone can shed some light on this!

Thanks,

Mario Doria
madd@tecdigital.net

FreeBSD nibleheim.tecdigital.net 4.5-RC FreeBSD 4.5-RC #0: Tue Jan 22 20:12:07 CST 2002 madd@nibleheim.tecdigital.net:/usr/obj/usr/src/sys/NIBLEHEIM i386

# cat /etc/ipf.rules
pass in quick on lo0 all
pass out quick on lo0 all
#
block in log quick all with short
block in log quick all with ipopt
#
pass out quick from any to any head 5
block in quick proto icmp all head 6
block in quick proto tcp from any to any head 7
block in quick proto udp from any to any head 8
#
pass out quick proto tcp from any to any keep state keep frags group 5
pass out quick proto udp from any to any keep state keep frags group 5
pass out quick proto icmp from any to any keep state group 5
# ICMP
# Allows types 0,3,8,11
pass in quick proto icmp from any to any icmp-type 8 keep state group 6
pass in quick proto icmp from any to any icmp-type 0 keep state group 6
pass in quick proto icmp from any to any icmp-type 3 keep state group 6
pass in quick proto icmp from any to any icmp-type 11 keep state group 6
## TCP Services
# Samba, Webmin
pass in quick proto tcp from 10.25.165.0/24 to any port 136 >< 140 flags S/SA keep state keep frags group 7
pass in quick proto tcp from 10.25.165.0/24 to any port = 10000 flags S/SA keep state keep frags group 7
# HTTP
pass in quick proto tcp from any to any port = 80 flags S/SA keep state keep frags group 7
pass in quick proto tcp from any to any port = 443 flags S/SA keep state keep frags group 7
# DNS
pass in quick proto tcp from any to any port = 53 flags S keep state keep frags group 7
# SMTP
pass in quick proto tcp from any to any port = 25 flags S keep state keep frags group 7
block return-rst in quick proto tcp from any to any port = 113 group 7
# SPOP3
pass in quick proto tcp from any to any port = 995 flags S keep state keep frags group 7
# SSH
pass in quick proto tcp from any to any port = 22 flags S keep state keep frags group 7
# FTP (opens ports 50000...53000, set in /etc/sysctl.conf)
pass in quick proto tcp from any to any port = 20 flags S/SA keep state keep frags group 7
pass in quick proto tcp from any to any port = 21 flags S/SA keep state keep frags group 7
pass in quick proto tcp from any to any port 49999 >< 53001 flags S/SA keep state keep frags group 7
## UDP Services
# Samba
pass in quick proto udp from 10.25.165.0/24 to any port 136 >< 140 keep state group 8
# DNS
pass in quick proto udp from any to any port = 53 keep state group 8
# Block everything else
block in log all
block out log all