Date: Sat, 13 May 2006 18:12:17 +0400
From: "Bob Goodman"
Cc: freebsd-questions@freebsd.org
Subject: Re: Access from the internet
Message-Id: <20060513141218.6F024DA820@mailserver8.hushmail.com>

On Sat, 13 May 2006 06:30:37 +0400 Terry Stoner wrote:
>Bob -
>
>I am keeping state with the port 21 rule. I am perplexed because everything
>works fine on the local LAN.
>
>On 5/12/06, Bob Goodman wrote:
>>
>> >Hi my name is Terry Stoner. I just set up a new Firewall, FreeBSD 6.0, and
>> >am having trouble connecting from the internet. Basically I want to ssh
>> >from work. I set sshd_config to listen on all interfaces and on port 21,
>> >this port is not blocked outbound from work. I have ipfilter rules allowing
>> >inbound on this port and interface. I set up port forwarding on my netgear
>> >router. When I do a tcpdump I see myself hitting the interface of my
>> >firewall, but sshd is not responding. I get to my box, but no dice. Do you
>> >have any suggestions? I would appreciate it.
>> >
>> >Thank you,
>> >
>> >Terry Stoner
>> >
>>
>> Are you certain that you allow both inbound traffic to your port 21
>> and outbound traffic from your port 21? Something with "keep state"
>> in the ipfilters ruleset?
>>
>> Bob Goodman

Could you for example stop your sshd, start "openssl s_server" listening on
that interface port 21 and connect with "openssl s_client" from the internet?
And what is happening with ipf disabled?