From: AG
To: freebsd-questions@freebsd.org
Date: Thu, 01 Oct 2009 20:07:29 +0100
Subject: Query about pf.conf

Hello

I want to see why I am unable to download via ftp. I believe that it would have something to do with my pf.conf file in my firewall, so have listed that below.

########### simple pf.conf ##################
# allow all outgoing TCP, UDP
# allow outgoing ICMP ping
# specifically block 11 common inet services
# Modified for nntp and bittorrent
#############################################

# MACRO
ext_if = "rl0"
int_if = "vr0"
PING = "echoreq"
allow_tcp = "{ 119 }"                      #Port needed for nntp server
#IntNet = "192.168.1.0/24"                 #Sub-net range
#InBitTCP = "{ 6969, 6881:6889 }"          #Ports needed for BitTorrent
#BitIP = "192.168.1.40"                    #BitTorrent client
tcp_services = "{ smtp, pop3, pop3s, www, msa, https, ftp, whois, ssh, telnet, rsync }"
udp_services = "{ domain }"

# OPTIONS:
set block-policy drop
set optimization normal
set loginterface $ext_if

# SCRUB:
scrub in on $ext_if all

# NAT/RDR
nat on $ext_if from $int_if:network to any -> $ext_if
#nat on $ext_if proto tcp from $IntNet port $InBitTCP to any -> $ext_if \
#    static-port
#nat on $ext_if proto udp from $IntNet port $InBitTCP to any -> $ext_if \
#    static-port
#rdr on $ext_if proto tcp from !$IntNet to any port 6969 -> $BitIP port 6969
#rdr on $ext_if proto udp from !$IntNet to any port 6881:6889 -> $BitIP \
#    port 6881:6889

# filter:
block log on $ext_if all
#pass in quick on $ext_if inet proto tcp from any to any port $InBitTCP \
#    flags S/SA synproxy state
#pass in quick on $ext_if inet proto udp from any to any port $InBitTCP
#pass out on $int_if inet proto tcp from any to $IntNet port $port_bittorrent \
#    flags S/SA synproxy state
#pass out on $int_if inet proto udp from any to $IntNet port $port_bittorrent
pass quick on lo0 all
pass out on $ext_if proto tcp from any to any port $allow_tcp keep state
pass out quick on $ext_if inet proto tcp from \
    { $ext_if:network, $int_if:network } to any port $tcp_services keep state
pass out quick on $ext_if inet proto udp from \
    { $ext_if:network, $int_if:network } to any port $udp_services keep state
pass out quick on $ext_if inet proto icmp from \
    { $ext_if:network, $int_if:network } to any icmp-type $PING keep state
antispoof for $ext_if
antispoof for $int_if
#### /etc/pf.conf ends ######################

Can anyone shine a light on this to help me out please?

Many TIA.

AG
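An added example, not part of AG's post: a pf.conf fragment in the same FreeBSD 7/8-era pf syntax as the ruleset above, showing how hosts on $int_if can use FTP through the firewall with ftp-proxy(8), which ships with FreeBSD's pf. In the posted ruleset the `$tcp_services` rule lets the FTP control connection to port 21 out, but the separate data connection (outbound to a server-chosen high port in passive mode, inbound from the server in active mode) matches nothing except `block log on $ext_if all`; the proxy reads the negotiated ports from the control channel and inserts per-session nat/rdr and pass rules into the anchors below. Assumes ftp-proxy is started with ftpproxy_enable="YES" in /etc/rc.conf and listens on its default address and port, 127.0.0.1:8021; $ext_if and $int_if are the macros from the post.

```pf
# Added example ruleset (not the poster's file): FTP through pf via ftp-proxy(8).
# Assumption: ftp-proxy runs locally on 127.0.0.1 port 8021 (its default).
ext_if = "rl0"
int_if = "vr0"
proxy  = "127.0.0.1"
tcp_services = "{ smtp, pop3, pop3s, www, msa, https, whois, ssh, telnet, rsync }"
udp_services = "{ domain }"

set block-policy drop
set loginterface $ext_if
scrub in on $ext_if all

# TRANSLATION
# The proxy inserts a nat/rdr rule for each FTP data connection it brokers
# into these anchors; they must exist, and in this order, before the nat rule.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat on $ext_if from $int_if:network to any -> $ext_if

# Divert clients' FTP control connections (port 21) to the local proxy.
# "rdr pass" lets the redirected packets through without a separate pass rule.
rdr pass on $int_if proto tcp from $int_if:network to any port ftp -> $proxy port 8021

# FILTER
block log on $ext_if all
pass quick on lo0 all

# Per-session pass rules for the negotiated data ports land here. The proxy
# handles both passive (outbound) and active (inbound) data connections, so
# no standing "pass in" on $ext_if is needed for FTP.
anchor "ftp-proxy/*"

# The proxy itself, not the client, opens the control connection to the server
# from the firewall's external address.
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port ftp keep state

# Everything else outbound, as in the posted ruleset (ftp removed from the list
# because the rdr above now catches it on $int_if before it reaches $ext_if).
pass out quick on $ext_if inet proto tcp from \
    { $ext_if:network, $int_if:network } to any port $tcp_services keep state
pass out quick on $ext_if inet proto udp from \
    { $ext_if:network, $int_if:network } to any port $udp_services keep state

antispoof for $ext_if
antispoof for $int_if
```

Check that the anchors are live with `pfctl -a "ftp-proxy/*" -sr` while a transfer is in progress; the per-session rules appear there and disappear when the data connection closes.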