Date:      Sun, 3 Feb 2002 17:40:47 -0800 (PST)
From:      Hongbo Li <stevensbsd@yahoo.com>
To:        freebsd-stable@freebsd.org
Subject:   ipfilter problem in FreeBSD 4.5
Message-ID:  <20020204014047.9400.qmail@web13402.mail.yahoo.com>

I use a dual-homed FreeBSD box as firewall gateway,
running FreeBSD 4.5 stable and ipfilter 3.4.20. Every
time I use an ftp client from an internal
box to access an external ftp server, I can successfully
log in and do something. But when the ftp connection
times out and I run the "ls" command over the
connection, the gateway box (FreeBSD) hangs. Who can
tell me why? Thanks! By the way, before I upgraded the
FreeBSD box to 4.5 stable, the box ran perfectly (4.4
stable and 4.5 RC).

        vr1             vr0
internal<>FBSD Box with <>  external network
 box         ipfilter

#The internal interface: vr1  192.168.0.1
#The external interface: vr0  10.17.41.198

my ipf rules file:
#/etc/ipf.rules
pass in quick on vr1 all
pass out quick on vr1 all
pass out quick on vr0 proto tcp from any to any keep state keep frags
pass out quick on vr0 proto udp from any to any keep state keep frags
pass in quick on vr0 proto tcp from 10.17.41.201 to any port = 8888 flags S keep state keep frags
block return-rst in log quick on vr0 proto tcp from any to any port = 21
block return-rst in log quick on vr0 proto tcp from any to any port = 23
block return-rst in log quick on vr0 proto tcp from any to any port = 139
block return-rst in log quick on vr0 proto tcp from any to any port = 3128
block return-rst in log quick on vr0 proto tcp from any to any port = 25
block return-rst in log quick on vr0 proto tcp from any to any port = 587
block in quick on vr0 proto udp from any to any

my ipnat rules file:
#/etc/ipnat.rules
rdr vr1 192.168.0.1/32 port 80 -> 192.168.0.1 port 80
rdr vr1 0.0.0.0/0 port 80 -> 192.168.0.1 port 3128
map vr0 192.168.0.0/24 -> 0/32 proxy port 21 ftp/tcp
#map vr1 10.17.41.198/32 -> 10.17.41.198/32 proxy port 21 ftp/tcp
map vr0 192.168.0.0/24 -> 0/32 portmap tcp/udp 1025:65000
map vr0 192.168.0.0/24 -> 0/32
rdr vr0 10.17.41.198/32 port 80 -> 192.168.0.2 port 8888


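An added example, not part of the original message and not ipfilter's own code: a small Python evaluator for the ipf ruleset quoted above. It models only action, direction, quick, interface, protocol, source address and destination port (state, frags, flags and the ipnat rules are not modelled), applies ipfilter's last-match-wins-unless-quick semantics, and assumes the default-pass policy of a kernel built without IPFILTER_DEFAULT_BLOCK. Running a few packets through it shows which rule decides each one, and that inbound TCP on vr0 to any port other than the six blocked ones matches no rule at all and is left to that default policy.

```python
import ipaddress
import re
# Constructed copy of the ipf rules quoted in the message, one rule per line.
IPF_RULES = """\
pass in quick on vr1 all
pass out quick on vr1 all
pass out quick on vr0 proto tcp from any to any keep state keep frags
pass out quick on vr0 proto udp from any to any keep state keep frags
pass in quick on vr0 proto tcp from 10.17.41.201 to any port = 8888 flags S keep state keep frags
block return-rst in log quick on vr0 proto tcp from any to any port = 21
block return-rst in log quick on vr0 proto tcp from any to any port = 23
block return-rst in log quick on vr0 proto tcp from any to any port = 139
block return-rst in log quick on vr0 proto tcp from any to any port = 3128
block return-rst in log quick on vr0 proto tcp from any to any port = 25
block return-rst in log quick on vr0 proto tcp from any to any port = 587
block in quick on vr0 proto udp from any to any
"""
# Modelled subset: action, direction, quick, interface, proto, source, dest port.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)(?:\s+return-rst)?\s+(?P<dir>in|out)(?:\s+log)?"
    r"(?P<quick>\s+quick)?\s+on\s+(?P<iface>\S+)\s+"
    r"(?:all|proto\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)\s+to\s+\S+"
    r"(?:\s+port\s*=\s*(?P<dport>\d+))?)")

def parse_rules(text):
    """Parse the supported subset; an unsupported line raises instead of being skipped."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#"):
            m = RULE_RE.match(line)
            if not m:
                raise ValueError("unsupported rule: " + line)
            rules.append({**m.groupdict(), "text": line})
    return rules

def evaluate(rules, direction, iface, proto, src, dport):
    """Last matching rule wins unless it is 'quick'; with no match at all the
    default policy is pass (assumes a kernel built without IPFILTER_DEFAULT_BLOCK)."""
    decision, matched = "pass", None
    for r in rules:
        if (r["dir"] != direction or r["iface"] != iface
                or (r["proto"] and r["proto"] != proto)
                or (r["dport"] and int(r["dport"]) != dport)
                or (r["src"] not in (None, "any") and ipaddress.ip_address(src)
                    not in ipaddress.ip_network(r["src"], strict=False))):
            continue
        decision, matched = r["action"], r["text"]
        if r["quick"]:
            break
    return decision, matched
```

A returned rule text of None means no rule matched and the kernel's compiled-in default decided the packet.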