Has anyone configured "synproxy state" before

zhouyi zhou zhouzhouyi at ercist.iscas.ac.cn
Tue May 29 10:27:31 UTC 2007


It is state and surely not stat\e, sorry for the error :-)
On Tue, 29 May 2007 13:10:11 +0300
"Abdullah Ibn Hamad Al-Marri" <almarrie at gmail.com> wrote:

> On 5/29/07, zhouyi zhou <zhouzhouyi at ercist.iscas.ac.cn> wrote:
> > Dear Mr. Volker
> >  Thank you very much
> >  Zelest persuaded me to add a "set skip on lo0".
> >  That becomes:
> > set skip on lo0
> > pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy stat\e
> > Sincerely yours
> > Zhouyi Zhou
> > On Tue, 29 May 2007 11:08:02 +0200
> > Volker <volker at vwsoft.com> wrote:
> >
> > > On 05/28/07 14:17, Zhouyi Zhou wrote:
> > > > Hi everyone (in particular Max :-)),
> > > >  The configuration line in my pf.conf is:
> > > >  pass in quick on lo0 proto tcp from any to any port 21 flags S/SA synproxy
> > > > state
> > > >
> > > >  But:
> > > >  the connection is established, but the control did not seem to pass to the
> > > > ftpd
> > > > Sincerely yours
> > > > Zhouyi Zhou
> > >
> > > Zhouyi,
> > >
> > > security@ is the wrong mailing list. Please post questions like this
> > > to pf at .
> > >
> > > I'm wondering where this traffic originates? You're using interface
> > > lo0 which will (most likely) be used for traffic on the local machine
> > >  but you should not find much traffic on that interface from other hosts.
> > >
> > > As you're using 21/tcp I assume you're playing with ftp traffic. Ftp
> > > is not just using that single (control) port but a pair of 21/tcp and
> > > a dynamically allocated port. You have to pass that traffic, too, or
> > > otherwise no data communication will be established. Also it is most
> > > likely that you will have to use an FTP proxy.
> > >
> > > I suspect your whole problem is really not synproxy related.
> > >
> > > HTH
> > >
> > > Volker
> > >
> > >
> > > >  (Sorry for the previously base64-encoded mail caused by M$ outlook)
> > > PS: FreeBSD is also great for workstations! :)
> 
> Please make sure you fix the typos in your rule; it's state and not stat\e
> 
> pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy state
> 
> As for Volker, he is a real helpful guy, thank you Volker :)
> 
> 
> -- 
> Regards,
> 
> -Abdullah Ibn Hamad Al-Marri
> Arab Portal
> http://www.WeArab.Net/
> 

