Date: Fri, 8 Dec 2006 19:14:11 +0100 From: Gergely CZUCZY <phoemix@harmless.hu> To: "Roman Gorohov. " <roma.a.g@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: FTP problem Message-ID: <20061208181411.GA23064@harmless.hu> In-Reply-To: <1904646577.20061208165302@gmail.com> References: <546388630.20061207163149@gmail.com> <20061207133535.GA16219@harmless.hu> <1904646577.20061208165302@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--lrZ03NoBR/3+SXJZ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 08, 2006 at 04:53:02PM +0300, Roman Gorohov. wrot= e: > Hello, Gergely. >=20 > > try to use pftpx instead of ftp-proxy, it's available from ports. >=20 >=20 > > Bye, >=20 > > Gergely Czuczy >=20 > I tried switch to pftpx and got same result. > Last messages: > Dec 7 17:02:05 fw-spb pftpx[7306]: client limit (100) reached, refusing = connection from 10.10.1.70 > Dec 7 17:02:47 fw-spb pftpx[7306]: client limit (100) reached, refusing = connection from 10.10.1.70 > Dec 7 17:02:55 fw-spb pftpx[7306]: #296 proxy cannot connect to server 1= 0.10.1.70: Operation not permitted > Dec 7 17:03:03 fw-spb pftpx[7306]: client limit (100) reached, refusing = connection from 10.10.1.70 > Dec 7 17:03:15 fw-spb last message repeated 2 times > Then it hang. >=20 > Address 10.10.1.70 is server itself, so I don't understand whats going on= =2E.. > I started to think that there is some loop in pf rules, this would > nicely explain why there isn't any messages at console. But I can't > see any. > This is all referencing to ftp in my pf.conf: > rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8= 021 > pass out on $ext_if inet proto tcp from $ext_if to any port 21 flags S/AU= PRFS modulate state > pass in on $ext_if proto tcp from any to any port 21 keep state if you paste a ruleset please also resolv all of the macros and include the interface definitions also. we don't even know what addresses your $int_if is having where do you recieve your ftp connections from, and with what configuration are you using for pftpx >=20 > Any suggestions? man pftpx, check the parameters. think of these while doing that: > Dec 7 17:02:05 fw-spb pftpx[7306]: client limit (100) reached, refusing = connection from 10.10.1.70 > Dec 7 17:02:47 fw-spb pftpx[7306]: client limit (100) reached, refusing = connection from 10.10.1.70 > Dec 7 17:03:03 fw-spb pftpx[7306]: client limit (100) reached, refusing = connection from 10.10.1.70 and for this, check your pf ruleset. if the sendning of the packet is disabled by a local pf rule, you might get that error message > Dec 7 17:02:55 fw-spb pftpx[7306]: #296 proxy cannot connect to server 1= 0.10.1.70: Operation not permitted as a general good hint i'd suggest reading google://how+to+ask for you. it's not a joke, it's a serious suggestion. > Regards, Roman. >=20 >=20 Bye, Gergely Czuczy mailto: gergely.czuczy@harmless.hu --=20 Weenies test. Geniuses solve problems that arise. --lrZ03NoBR/3+SXJZ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) owHdVs1uHEUQdhK4tMQh3LigkkAY8M54dv2zzqK1yY8dIoESHCNAUYTaMzUzzfZ0 D909Xm/EA3CIUARIQUIoDxAhIQRHhMQD8Bac4MIbUN2zs3EsJE74gL1ae7p7vqr6 6qvqevDchaXzF3/7/sc7K/e/+Obcd+zdw5WqcU4VUcXNkVBRP0n60WAt2VyP1qNB snUpP9zorw0H60me5ruzx/aqVg6Viw5mNY7A4bFbrSUX6g1IS24sunHj8miLdeeu CVtrK5zQagRCSaFwsXdguLI5mmhXpToTqhjBJ412mEW1EcrxQ4mM3VSwZ0QPrmEK yVYPBkmyCdxBsj7aWBslg1vvwEqyliQ92NcVV3BdG13qoxie/pka7cYMR2wb3kIp dQ+uoylQzmK2PR4ktLwNzszAaWgsQp27+pj8tQ55BjoHeiav9PGsB8ItW+BHXEjv IeRGV1Br42wH1eFdmWHvydPcHly916T3Zt36DbIqMAM7FS4tvfnWNFcZFNqB5RWC QdtIR/DwNrcOKrSWF2h9MJ4WGEJ/SFSMkg3Ip5GtD1uQO0NK5N0RpFIQ3SBFJRy8 Sil+jRB5WmLWo3/yxhL1MGapVgpTn6k2pn4S+088TE7bWR+ejZ2Nf47npcGlTQjJ gJQrRSzNIT19Fs0RGuiP2QJ2BDdrNDxY9KfpgTwknT1tj9S0dhZxrY36i7jkiXwS Vo2c3IIBOEGL9NpBiYoEByVXxUKpl7OMFGFPGABhu8CFsyjzHlhN2sq0WnbQqAyN dV5S05I7S8LyHms1ZuPBbhwHGdK+8baJQlcKNaFvqjJXosGArkmHUuuaioLYAdNI tD1/1MJUN9JzqUTqBY7HoSOQrdnife8GV7OFdH0FE19WS4zhSuPIAUrlsiMUi+iP xiF6QqcPl9ITTVAq9Z6Tj5Qf70k1I2diQsp9MZjMQM2JGUrBy9RBPhK514kPKa3b pHgn6Nn/8TULgz5E29AfDOOEfvvt4haJZ9AnwBaM3POA1Os8IHUwdxq12zuFnEte WLi9evm9Mbu1v3cbKp01klLs2XbYGaA4TuD/u8MTxHqOQOdnuvEwBMrbrHj3JHLq YlySCkgqWh4FDqmPUUKg4qnRlnk9CJXKJsOwTIShyXmKkGEuVOjZNmDEbIpzLeER CXKi9DRICXgrRUoouWEWpFPOSk73ScGmQQCZDm4aTAUBtGd9Bp+UjA3R9kLfo1ZY BnhfUrkomnntchNehbbgcm3aMl2UBVFkm4LUFQB3mL8OwokeXU6YTkKUNTfUUilS atet0FtWiK5pKaT3NUiMzP/P++t/2O+CtnyCfH/o2A9Z71oHuhhEK0eLKlOhIeWs zVA6IQ2ThjJh/RWbweGMxC11ymUH0AtKqERROijQhXwxNIZsznvMmV8mFDWVC3mj aF9Sk9UZkMAokuWsE6Yn0k86jHYLiaPV1VJPV5xe4XYSCKOoYhYmDA/O4WM9wW7k 8O4I3dgTKo8ZhbmPBTeZnU9AJ6cQFkYQdmr0qGh0cXpEnrYTUBqW36T5raLM2Lhs GIsi//77iEpQcTuyFtMEo0Tja903FPSkUXIq294U3AiLMfts58KzS35Q7KbMi+d/ fWbp0aH5/MEfvz/86361cePrT7/86YdXXv926dFe/CJ/CF+de/6xEdkHP/+y8+EL f/4N =V6AV -----END PGP SIGNATURE----- --lrZ03NoBR/3+SXJZ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061208181411.GA23064>