From owner-freebsd-questions@FreeBSD.ORG Sun May 14 19:09:42 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3FBE116A471 for ; Sun, 14 May 2006 19:09:42 +0000 (UTC) (envelope-from stonerte@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id DD85E43D53 for ; Sun, 14 May 2006 19:09:39 +0000 (GMT) (envelope-from stonerte@gmail.com) Received: by nf-out-0910.google.com with SMTP id p77so17701nfc for ; Sun, 14 May 2006 12:09:38 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=CC6S1a6dA+if61zolr04C48iPSq9PHPSIq9wI2geKCUFCHEe0IMGvyEB87F4VsLcq5hLdBqy1zVrcut+VG+2VNAXMtZwDqrjkORzNyUV9ckaPNHGUHVTYLFELQTZYF8VfyV8l7OEC1Tzlkw/SsrCjQL3HKtB2Op6bsnlGMaO7+Y= Received: by 10.49.72.15 with SMTP id z15mr2790470nfk; Sun, 14 May 2006 12:09:38 -0700 (PDT) Received: by 10.49.69.1 with HTTP; Sun, 14 May 2006 12:09:38 -0700 (PDT) Message-ID: <8bd19c4f0605141209s9af8741h888191f8b42363cb@mail.gmail.com> Date: Sun, 14 May 2006 15:09:38 -0400 From: "Terry Stoner" To: goodman@mac.hush.com In-Reply-To: <20060513141218.6F024DA820@mailserver8.hushmail.com> MIME-Version: 1.0 References: <20060513141218.6F024DA820@mailserver8.hushmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: Access from the internet X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 May 2006 19:09:44 -0000 Hey guys - I got it to work. I enabled udp inbound on port 21 and it worked. Thanks for all your suggestions. Terry Stoner On 5/13/06, Bob Goodman wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > On Sat, 13 May 2006 06:30:37 +0400 Terry Stoner > wrote: > >Bob - > > > >I am keeping state with the port 21 rule. I am perplexed because > >everything > >works fine on the local LAN. > > > >On 5/12/06, Bob Goodman wrote: > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> >Hi my name is Terry Stoner. I just set up a new Firewall, > >FreeBSD > >> 6.0, and > >> >am having trouble connecting from the internet. Basically I > >want > >> to ssh > >> >from work. I set sshd_config to listen on all interfaces and > >on > >> port 21, > >> >this port is not blocked outbound from work. I have ipfilter > >> rules allowing > >> >inbound on this port and interface. I setup port forwarding on > >my > >> netgear > >> >router. When I do a tcpdump I see myself hitting the interface > >of > >> my > >> >firewall, but sshd is not responding. I get to my box, but no > >> dice. Do you > >> >have any suggestions? I would appreciate it. > >> > > >> >Thank you, > >> > > >> >Terry Stoner > >> > > >> > >> Are you certain that you allow both inbound traffic to your port > >21 > >> and outbound traffic from your port 21? Something with "keep > >state" > >> in the ipfilters ruleset? > >> > >> Bob Goodman > >> -----BEGIN PGP SIGNATURE----- > >> Note: This signature can be verified at > >https://www.hushtools.com/verify > >> Version: Hush 2.5 > >> > >> > >wkYEARECAAYFAkRlA08ACgkQAQ09syE0bn45mQCeIcOn0hmTCdKRIEprgN543vJYb80 > >A > >> nig4TZ0WCEqQzJf6tAyiC4O0sTm+ > >> =3Du018 > >> -----END PGP SIGNATURE----- > > Could you for example stop your sshd, start "openssl s_server" > listening on that interface port 21 and connect with "openssl > s_client" from the internet? And what is happening with ipf > disabled? > -----BEGIN PGP SIGNATURE----- > Note: This signature can be verified at https://www.hushtools.com/verify > Version: Hush 2.5 > > wkYEARECAAYFAkRl6TIACgkQAQ09syE0bn4K7ACgkxcdMBl6S+BaqJmsGRdZoKvHp5sA > nje118bNTFMvK/Jj8g0uNeZXHK+e > =3DPA1P > -----END PGP SIGNATURE----- > > > > > Concerned about your privacy? Instantly send FREE secure email, no accoun= t > required > http://www.hushmail.com/send?l=3D480 > > Get the best prices on SSL certificates from Hushmail > https://www.hushssl.com?l=3D485 > >