Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 8 May 2006 13:15:12 -0700 (PDT)
From:      Matheus Lamberti <matheuslamberti@yahoo.com>
To:        freebsd-pf@freebsd.org
Subject:   Problem with ftp-proxy
Message-ID:  <20060508201512.62715.qmail@web52912.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help 
Hello list,

 Whell, i have implemented a firewall with the default
police "block all", i made very restritive rules
allowing only some connecting ports from the machines
of my LAN.
 My problem is, the ftp-proxy is working...
 * inetd call then with my flags
 * the ftp transaction starts
 * but i can recieve back the answer from the remote
server

 Bellow is a part of my pf.conf file ...

-- start --
# ftp-proxy
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $if_intr proto tcp to port ftp ->
127.0.0.1 port 8021

# rules
anchor "ftp-proxy/*"
pass out on $if_adsl proto udp from $if_adsl to any
port $udp_sai keep state
pass out on $if_adsl proto tcp from $if_adsl to any
port $tcp_sai flags $flagtcp modulate state
pass out on $if_adsl proto tcp from $if_adsl to any
port $tcp_ent flags $flagtcp modulate state
pass in  on $if_adsl from any to $srv_vip modulate
state
pass in  on $if_adsl from any to $if_adsl keep state
pass out on $if_intr from any to $intrant modulate
state
pass in  on $if_intr proto udp from $intrant to any
port $udp_sai keep state
pass in  on $if_intr proto tcp from $intrant to any
port $tcp_sai flags $flagtcp keep state
pass in  on $if_intr proto tcp from $intrant to any
port $tcp_ent flags $flagtcp keep state
pass in  on $if_intr proto { tcp, udp } from $intrant
to $srv_bsd port $dhcp_pt keep state
pass in  on $if_intr proto { tcp, udp } from $ip_voip
to any keep state
-- end --



Matheus Lamberti de Abreu
BSD UserID: 051370 / ICQ UIN: 58854189

" Diante da vastidão do tempo...
E da  imensidão do universo,
É um  imenso prazer pra mim,
Dividir um planeta e  uma época com você! " ( Carl Sagan )

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060508201512.62715.qmail>