Fw: Re: question

Zohreh zohreh_ir at yahoo.com
Sun Jul 26 13:43:06 UTC 2009



--- On Tue, 7/21/09, Zohreh <zohreh_ir at yahoo.com> wrote:


From: Zohreh <zohreh_ir at yahoo.com>
Subject: Re: question
To: "Giorgos Keramidas" <keramida at ceid.upatras.gr>
Date: Tuesday, July 21, 2009, 2:43 PM







Dear Sir/Madam 
Thank you for your reply. I have checked my squid setting, and ftp_passive =on.
I disabled the firewall and browsed the FTP site. I can browse the first page of the FTP site, but I cannot browse all the links on it, and it gives me this error: the folder ftp://ftp.hp.com is read only because the proxy server is not  set up to allow full access .
 
After that I enabled the firewall and checked again, but I cannot browse the FTP site. The rule set that I set is as follows:
 
IPF="ipfw -q add"
skip="skipto 800"
ipfw -q -f flush
#bge0 is outbound port on internet
#bge1 is inbound port on LAN network
#loopback 
$IPF 10 allow all from any to any via bge1    
$IPF 11 allow all from any to any via lo0
#$IPF 20 deny all from any to 127.0.0.0/8
#$IPF 30 deny all from 127.0.0.0/8 to any
#$IPF 40 deny tcp from any to any frag 
#$IPF 12 divert natd ip from any to any in via bge0
#statefull
$IPF 50 check-state
#$IPF 60 allow tcp from any to any established
#$IPF 70 allow all from any to any out keep-state
#$IPF 80 allow icmp from any to any 
$IPF 90 allow all from any to any
#open port ftp(20,21),mail(25),http(80),https(443),ssh(22),dns(53)
$IPF 100 allow tcp from any to x.x.x.x 53 out via bge0 setup keep-state  
$IPF 101 allow udp from any to x.x.x.x 53 out via bge0  keep-state
$IPF 110 allow tcp from any to any 80 out via bge0 setup keep-state
$IPF 120 allow tcp from any to any 443 out via bge0 setup keep-state
$IPF 130 allow tcp from any to any 25 out via bge0 setup keep-state
$IPF 140 allow tcp from any to any 110 out via bge0 setup keep-state
$IPF 150 allow icmp from any to any out via bge0  keep-state
$IPF 160 allow tcp from any to any 20 out via bge0 setup keep-state
$IPF 170 allow tcp from any to any 21 out via bge0 setup keep-state
#$IPF 171 fwd 10.10.40.40 tcp from 192.168.32.0,21 to any 21 
#$IPF 172 allow tcp from any to any 20 in via bge0
$IPF 180 allow tcp from any to any 22 out via bge0 setup keep-state
$IPF 190 allow tcp from any to any 43 out via bge0 setup keep-state
$IPF 200 allow tcp from any to any 53 out via bge0 setup keep-state
$IPF 210 allow udp from any to any 53 out via bge0 setup keep-state
$IPF 220 deny all from 192.168.0.0/16 to any in via bge0 
$IPF 221 deny all from 172.16.0.0/12 to any in via bge0
$IPF 222 deny all from 10.0.0.0/8 to any in via bge0 
$IPF 223 deny all from 0.0.0.0/8 to any in via bge0
$IPF 224 deny all from 169.254.0.0/16 to any in via bge0
$IPF 225 deny all from 192.0.2.0/24 to any in via bge0
$IPF 226 deny all from 204.152.64.0/23 to any in via bge0
$IPF 227 deny all from 224.0.0.0/3 to any in via bge0
$IPF 240 deny icmp from any to any in via bge0
#$IPF 241 allow icmp from 10.10.40.40 to 10.10.40.43 in via bge0
$IPF 250 deny tcp from any to any 113 in via bge0
$IPF 260 deny tcp from any to any 137 in via bge0
$IPF 261 deny tcp from any to any 138 in via bge0
$IPF 262 deny tcp from any to any 139 in via bge0
$IPF 263 deny tcp from any to any 81 in via bge0  
$IPF 270 deny all from any to any frag in via bge0
$IPF 280 deny tcp from any to any established in via bge0
$IPF 290 allow tcp from any to me 80 in via bge0 setup limit src-addr 2 
#$IPF 800 divert natd ip from any to any out via bge0
#$IPF 801 allow ip from any to any 
#deny log everything
$IPF 900 deny log all from any to any  
 
I would appreciate it if you could help me to solve this problem. Of course, I also have this problem with POP3 and SMTP when sending email through my proxy server.
 
Thank you for your attention to this matter.
 
best regards
zohreh
 


--- On Fri, 7/17/09, Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:


From: Giorgos Keramidas <keramida at ceid.upatras.gr>
Subject: Re: question
To: "Zohreh" <zohreh_ir at yahoo.com>
Cc: freebsd-questions at FreeBSD.org
Date: Friday, July 17, 2009, 11:58 PM


On Fri, 17 Jul 2009 10:51:57 -0700 (PDT), Zohreh <zohreh_ir at yahoo.com> wrote:
> Dear Sir/Madam 
>  
> I have a question about FreeBSD and the squid that was installed on it.
> I installed squid 2.6 stable 20 on FreeBSD 7, and I enabled the firewall
> on FreeBSD. Now I browse HTTP sites on the internet, but I cannot browse
> FTP sites and I cannot pass POP3 through my squid. Can you help me:
> how do I configure squid and FreeBSD to pass FTP and POP3? Thank you
> for your attention. Best regards, zohreh

You seem to have blocked FTP access by tweaking the firewall ruleset.

Either show us the ruleset you are using, or try setting in the
environment of the squid proxy the option "FTP_PASSIVE_MODE=1".
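
An added example, not part of the thread: a first-match walk over a constructed subset of the rules posted above, showing which rule decides the first packet of a new connection. The function name `first_match`, the reduced rule list and the sample data port 50000 are assumptions for illustration; in passive mode the proxy opens the data connection to a port the server chooses, so the rules for ports 20 and 21 do not cover it.

```sh
#!/bin/sh
# Added example (not from the thread): first-match walk over a simplified
# ipfw ruleset for the first packet of a new connection.
# RULES is a constructed subset of the posted rules. Only the form
# "N action [log] proto from any to any [port] [in|out] [via IF] ..." is parsed.
RULES='
10 allow all from any to any via bge1
11 allow all from any to any via lo0
50 check-state
90 allow all from any to any
160 allow tcp from any to any 20 out via bge0 setup keep-state
170 allow tcp from any to any 21 out via bge0 setup keep-state
900 deny log all from any to any
'

# first_match PROTO DPORT DIR IFACE [SKIP_RULE]
# Prints "<rule number> <action>" of the first rule that matches.
# SKIP_RULE (optional) leaves one rule out, as if it were commented.
first_match() {
    printf '%s\n' "$RULES" | awk -v proto="$1" -v dport="$2" -v dir="$3" \
        -v ifc="$4" -v skip="${5:-}" '
    NF < 2 || $1 == skip { next }
    $2 == "check-state"  { next }   # new connection: no dynamic state yet
    {
        i = 3
        if ($i == "log") i++
        if ($i != "all" && $i != proto) next      # protocol
        i += 5                                     # step over "from any to any"
        if ($i ~ /^[0-9]+$/) {                     # destination port, if given
            if ($i != dport) next
            i++
        }
        for (; i <= NF; i++) {
            if (($i == "in" || $i == "out") && $i != dir) next
            if ($i == "via" && $(++i) != ifc) next
            if ($i == "setup" && proto != "tcp") next   # setup is TCP-only
        }
        print $1, $2
        exit
    }'
}

# 50000 stands in for a server-chosen passive data port (constructed value).
echo "passive data port, rules as posted: $(first_match tcp 50000 out bge0)"
echo "passive data port, without rule 90: $(first_match tcp 50000 out bge0 90)"
echo "FTP control port, without rule 90:  $(first_match tcp 21 out bge0 90)"
```

With rule 90 in place every packet is accepted before the per-port rules are reached; with it left out, only the control connection to port 21 is allowed and the passive data connection falls through to the final deny.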





      

