Date:      Mon, 27 Nov 2000 10:59:00 -0000
From:      "Nuno Teixeira" <nuno.teixeira@pt-quorum.com>
To:        <cjclark@alum.mit.edu>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: NATD: failed to write packet back (Permission denied)
Message-ID:  <005901c05861$1528eed0$0100a8c0@gateway>
References:  <001701c057c4$1e1ac010$0200a8c0@n2> <20001126110756.C34151@149.211.6.64.reflexcom.com> <000b01c057dd$f9423ab0$0200a8c0@n2> <20001126113720.A70192@149.211.6.64.reflexcom.com> <3A2183E7.6039C582@FreeBSD.org> <20001126140033.E70192@149.211.6.64.reflexcom.com> <003301c05812$0f7deb60$0200a8c0@n2> <20001126210634.O70192@149.211.6.64.reflexcom.com>

Hi,

1. Traceroute: No. I don't want anyone to traceroute me. It is working ok
and I can traceroute others but they can't traceroute me.

2. FTP: Yes, you're right. I have an internal machine that has LeapFTP installed
and it can do a "ls" with no problems because it works in passive mode.

I found this problem too when I tried to install FreeBSD ports. I think there
is a way of turning on passive mode when installing new ports since they are
downloaded by ftp most of the time.

Thanks very much,

Nuno Teixeira


----- Original Message -----
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: "Nuno Teixeira" <nuno.teixeira@pt-quorum.com>
Cc: <cjclark@alum.mit.edu>; <freebsd-security@FreeBSD.ORG>
Sent: Monday, November 27, 2000 5:06 AM
Subject: Re: NATD: failed to write packet back (Permission denied)


> On Mon, Nov 27, 2000 at 01:33:32AM -0000, Nuno Teixeira wrote:
> > Hello,
> >
> > 1. Ok. It works. Now I can traceroute others but the outside can't
> > traceroute me. The result is:
> >
> > "65435 Deny UDP other_server:65302 my_server:33509 in via tun0"
>
> Oh, you wanted to allow traceroutes in? Someone else posted the rules
> to allow it in and also mentioned that it is a really big hole to put
> in the firewall. But to review, you basically just need to allow the
> same stuff in the other direction.
>
> > 2. I found one problem: when I login other computer via FTP and I make a
> > "ls" I get the log:
> >
> > "65435 Deny TCP ftp_server:20 my_server:49152 in via tun0"
> >
> > Did I forget something?
>
> Your ftp-data connection is being denied. FTP is an ugly, ugly
> protocol for firewalls since it uses two channels, i.e. two completely
> independent TCP connections. That looks like a failure of a
> data connection initiated with a PORT command. Use passive (PASV)
> FTP. It should work fine.
> --
> Crist J. Clark                           cjclark@alum.mit.edu
>

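As an added example (not part of the thread), the following script triages ipfw "Deny" log lines of the form quoted above, separating active-mode FTP data connections (the server dialling back from port 20 after a PORT command) from inbound traceroute probes (UDP to the 33434+ port range). The log format is taken from the lines in the thread; the sample lines and the third "other" entry are constructed for the example.

```python
import re
from collections import Counter
from typing import Optional

# ipfw(8) deny log format as it appears in the thread, e.g.
#   65435 Deny TCP ftp_server:20 my_server:49152 in via tun0
LOG_RE = re.compile(
    r"^(?P<rule>\d+) (?P<action>Deny|Accept) (?P<proto>TCP|UDP|ICMP)"
    r" (?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+)"
    r" (?P<direction>in|out) via (?P<iface>\S+)$"
)

FTP_DATA_PORT = 20                      # well-known ftp-data port (RFC 959)
TRACEROUTE_PORTS = range(33434, 33535)  # classic UNIX traceroute UDP probe range


def classify(line: str) -> Optional[str]:
    """Return a triage label for one ipfw log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    if m["action"] != "Deny" or m["direction"] != "in":
        return "other"
    proto, sport, dport = m["proto"], int(m["sport"]), int(m["dport"])
    # Active-mode FTP: after the client's PORT command the server opens a
    # new TCP connection from ftp-data (20) to a high port on the client,
    # which an inbound deny rule blocks. Passive (PASV) mode avoids this.
    if proto == "TCP" and sport == FTP_DATA_PORT and dport >= 1024:
        return "active-ftp-data"
    # Inbound traceroute probes: UDP towards high ports from 33434 upwards.
    if proto == "UDP" and dport in TRACEROUTE_PORTS:
        return "traceroute-probe"
    return "other"


def summarize(lines):
    """Count triage labels over an iterable of log lines; unparsable lines are skipped."""
    counts = Counter()
    for line in lines:
        label = classify(line)
        if label is not None:
            counts[label] += 1
    return dict(counts)


# Constructed sample: the two lines quoted in the thread plus one unrelated deny.
SAMPLE_LOG = [
    "65435 Deny UDP other_server:65302 my_server:33509 in via tun0",
    "65435 Deny TCP ftp_server:20 my_server:49152 in via tun0",
    "65435 Deny TCP 192.0.2.7:51234 my_server:22 in via tun0",
    "not an ipfw line",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(f"{classify(entry)!s:18} {entry}")
    print(summarize(SAMPLE_LOG))
```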

