Date: Tue, 29 May 2007 11:08:02 +0200
From: Volker <volker@vwsoft.com>
To: Zhouyi Zhou <zhouzhouyi@ercist.iscas.ac.cn>
Cc: mlaier@FreeBSD.org, "FreeBSD \(PF\)" <freebsd-pf@freebsd.org>
Subject: Re: have anyone configured "synproxy state" beforce
Message-ID: <465BED72.6090100@vwsoft.com>
In-Reply-To: <007001c7a122$38fd41b0$1c024dd2@iosdf17a8152bc>
References: <007001c7a122$38fd41b0$1c024dd2@iosdf17a8152bc>
On 05/28/07 14:17, Zhouyi Zhou wrote:
> hi everyone, (in particular Max :-))
> The configuration line in my pf.conf is:
> pass in quick on lo0 proto tcp from any to any port 21 flags S/SA synproxy state
>
> But:
> the connection is established, but the control did not seem to pass to the
> ftpd
> Sincerely yours
> Zhouyi Zhou

Zhouyi,

security@ is the wrong mailing list. Please post questions like this to pf@.

I'm wondering where this traffic originates? You're using interface lo0 which will (most likely) be used for traffic on the local machine but you should not find much traffic on that interface from other hosts.

As you're using 21/tcp I assume you're playing with ftp traffic. Ftp is not just using that single (control) port but a pair of 21/tcp and a dynamically allocated port. You have to pass that traffic, too, or otherwise no data communication will be established. Also it is most likely that you will have to use an FTP proxy.

I suspect your whole problem is really not synproxy related.

HTH

Volker

> (Sorry for the previously base64 encoded mail caused by M$ outlook)

PS: FreeBSD is also great for workstations! :)
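The reply's point that FTP needs more than the 21/tcp control port can be seen by reading the control channel. The following is an added example, not part of the original thread: it extracts the data-channel endpoints announced in a constructed FTP control session, which are the extra flows a packet filter or FTP proxy has to allow. The function names, the transcript and the addresses (documentation ranges) are assumptions made for illustration.

```python
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 (RFC 959 PORT / 227 reply).
_HP = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT = re.compile(r"^PORT\s+" + _HP + r"$", re.I)
_PASV = re.compile(r"^227\s.*?" + _HP)
# RFC 2428 extended forms: EPRT <d>proto<d>addr<d>port<d> and 229 (<d><d><d>port<d>).
_EPRT = re.compile(r"^EPRT\s+(\S)([12])\1([0-9A-Fa-f.:]+)\1(\d{1,5})\1$", re.I)
_EPSV = re.compile(r"^229\s.*\((\S)\1\1(\d{1,5})\1\)")

def data_endpoint(line, server_ip):
    """Return (mode, ip, port) if the line announces a data endpoint, else None.
    server_ip is needed for 229 replies, which carry only a port number."""
    line = line.strip()
    m = _PORT.match(line) or _PASV.match(line)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return None  # malformed address or port byte
        mode = "active" if line[:4].upper() == "PORT" else "passive"
        return mode, ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]
    m = _EPRT.match(line)
    if m:
        port = int(m.group(4))
        return ("active", m.group(3), port) if 0 < port < 65536 else None
    m = _EPSV.match(line)
    if m:
        port = int(m.group(2))
        return ("passive", server_ip, port) if 0 < port < 65536 else None
    return None

SESSION = [  # constructed transcript: "C" = client line, "S" = server line
    ("C", "USER anonymous"), ("S", "331 Please specify the password."),
    ("C", "PASV"), ("S", "227 Entering Passive Mode (192,0,2,10,195,80)."),
    ("C", "EPSV"), ("S", "229 Entering Extended Passive Mode (|||50001|)"),
    ("C", "PORT 198,51,100,7,156,64"), ("S", "200 PORT command successful."),
]

def extra_flows(session, server_ip):
    """List the data connections a rule for port 21 alone would not cover."""
    flows = []
    for sender, line in session:
        ep = data_endpoint(line, server_ip)
        # 227/229 only count from the server, PORT/EPRT only from the client.
        if ep and (ep[0] == "passive") == (sender == "S"):
            flows.append(ep)
    return flows

if __name__ == "__main__":
    for mode, ip, port in extra_flows(SESSION, "192.0.2.10"):
        print(f"{mode:8s} data connection to {ip}:{port}")
```

In passive mode the client connects to the announced server port; in active mode the server connects back to the client's announced port, so the filter needs rules (or a proxy that inserts them) for both directions.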