From: Matheus Lamberti
To: freebsd-pf@freebsd.org
Date: Mon, 8 May 2006 13:15:12 -0700 (PDT)
Subject: Problem with ftp-proxy
Message-ID: <20060508201512.62715.qmail@web52912.mail.yahoo.com>

Hello list,

Well, I have implemented a firewall with the default policy "block all". I made very restrictive rules allowing only some connecting ports from the machines of my LAN. My problem is, the ftp-proxy is working...
* inetd calls it with my flags
* the ftp transaction starts
* but I can receive back the answer from the remote server

Below is a part of my pf.conf file ...

-- start --
# ftp-proxy
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $if_intr proto tcp to port ftp -> 127.0.0.1 port 8021

# rules
anchor "ftp-proxy/*"
pass out on $if_adsl proto udp from $if_adsl to any port $udp_sai keep state
pass out on $if_adsl proto tcp from $if_adsl to any port $tcp_sai flags $flagtcp modulate state
pass out on $if_adsl proto tcp from $if_adsl to any port $tcp_ent flags $flagtcp modulate state
pass in on $if_adsl from any to $srv_vip modulate state
pass in on $if_adsl from any to $if_adsl keep state
pass out on $if_intr from any to $intrant modulate state
pass in on $if_intr proto udp from $intrant to any port $udp_sai keep state
pass in on $if_intr proto tcp from $intrant to any port $tcp_sai flags $flagtcp keep state
pass in on $if_intr proto tcp from $intrant to any port $tcp_ent flags $flagtcp keep state
pass in on $if_intr proto { tcp, udp } from $intrant to $srv_bsd port $dhcp_pt keep state
pass in on $if_intr proto { tcp, udp } from $ip_voip to any keep state
-- end --

Matheus Lamberti de Abreu
BSD UserID: 051370 / ICQ UIN: 58854189

" Before the vastness of time...
And the immensity of the universe,
It is an immense pleasure for me
To share a planet and an epoch with you! "
( Carl Sagan )