Problem with ftp-proxy

Matheus Lamberti matheuslamberti at yahoo.com
Mon May 8 20:19:18 UTC 2006


Hello list,

 Well, I have implemented a firewall with the default
policy "block all". I made very restrictive rules
allowing only some connecting ports from the machines
of my LAN.
 My problem is, the ftp-proxy is working...
 * inetd calls it with my flags
 * the FTP transaction starts
 * but I can receive back the answer from the remote
server

 Below is a part of my pf.conf file ...

-- start --
# ftp-proxy
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $if_intr proto tcp to port ftp -> 127.0.0.1 port 8021

# rules
anchor "ftp-proxy/*"
pass out on $if_adsl proto udp from $if_adsl to any port $udp_sai keep state
pass out on $if_adsl proto tcp from $if_adsl to any port $tcp_sai flags $flagtcp modulate state
pass out on $if_adsl proto tcp from $if_adsl to any port $tcp_ent flags $flagtcp modulate state
pass in  on $if_adsl from any to $srv_vip modulate state
pass in  on $if_adsl from any to $if_adsl keep state
pass out on $if_intr from any to $intrant modulate state
pass in  on $if_intr proto udp from $intrant to any port $udp_sai keep state
pass in  on $if_intr proto tcp from $intrant to any port $tcp_sai flags $flagtcp keep state
pass in  on $if_intr proto tcp from $intrant to any port $tcp_ent flags $flagtcp keep state
pass in  on $if_intr proto { tcp, udp } from $intrant to $srv_bsd port $dhcp_pt keep state
pass in  on $if_intr proto { tcp, udp } from $ip_voip to any keep state
-- end --



Matheus Lamberti de Abreu
BSD UserID: 051370 / ICQ UIN: 58854189

" In the vastness of time...
And the immensity of the universe,
It is an immense pleasure for me
To share a planet and an epoch with you! " ( Carl Sagan )
