Date: Tue, 29 May 2007 17:19:17 +0800
From: zhouyi zhou <zhouzhouyi@ercist.iscas.ac.cn>
To: Volker <volker@vwsoft.com>
Cc: mlaier@FreeBSD.org, freebsd-pf@freebsd.org
Subject: Re: have anyone configured "synproxy state" beforce
Message-ID: <20070529171917.23c348f6.zhouzhouyi@ercist.iscas.ac.cn>
In-Reply-To: <465BED72.6090100@vwsoft.com>
References: <007001c7a122$38fd41b0$1c024dd2@iosdf17a8152bc> <465BED72.6090100@vwsoft.com>

Dear Mr. Volker

Thank you very much

Zelest persuaded me to add a "set skip on lo0".
That becomes:
set skip on lo0
pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy state

Sincerely yours
Zhouyi Zhou

On Tue, 29 May 2007 11:08:02 +0200
Volker <volker@vwsoft.com> wrote:

> On 05/28/07 14:17, Zhouyi Zhou wrote:
> > Hi everyone, (in particular Max :-))
> > The configuration line in my pf.conf is:
> > pass in quick on lo0 proto tcp from any to any port 21 flags S/SA synproxy
> > state
> >
> > But:
> > the connection is established, but the control did not seem to pass to the
> > ftpd
> > Sincerely yours
> > Zhouyi Zhou
>
> Zhouyi,
>
> security@ is the wrong mailing list. Please post questions like this
> to pf@.
>
> I'm wondering where this traffic originates? You're using interface
> lo0 which will (most likely) be used for traffic on the local machine
> but you should not find much traffic on that interface from other hosts.
>
> As you're using 21/tcp I assume you're playing with ftp traffic. Ftp
> is not just using that single (control) port but a pair of 21/tcp and
> a dynamically allocated port. You have to pass that traffic, too, or
> otherwise no data communication will be established. Also it is most
> likely that you will have to use an FTP proxy.
>
> I suspect your whole problem is really not synproxy related.
>
> HTH
>
> Volker
> >
> > (Sorry for the previously base64 encoded mail caused by M$ outlook)
> PS: FreeBSD is also great for workstations! :)
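
The reply's point that FTP uses 21/tcp only for control plus a dynamically allocated data port can be seen by reading the control channel the way an FTP proxy must. The sketch below is an added example, not part of the thread or of any FreeBSD tool; the session lines, addresses and function names are constructed for illustration.

```python
import re

# RFC 959: the PORT command and the 227 reply carry h1,h2,h3,h4,p1,p2
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428: the 229 reply carries only a port, as (|||port|)
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def data_endpoint(line, server_ip):
    """Return (mode, ip, port) announced by one control-channel line, else None."""
    line = line.strip()
    verb = line.split(" ", 1)[0].upper()
    if verb in ("PORT", "227"):
        m = _TUPLE.search(line)
        if not m:
            return None
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet, ignore the announcement
        ip = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]  # data port = p1*256 + p2
        # PORT: the server connects out to the client; 227: the client connects in
        return ("active" if verb == "PORT" else "passive", ip, port)
    if verb == "229":
        m = _EPSV.search(line)
        if not m or not 0 < int(m.group(1)) < 65536:
            return None
        return ("passive", server_ip, int(m.group(1)))
    return None

def uncovered_data_ports(session, server_ip, passed_ports=(21,)):
    """List announced data endpoints that a ruleset passing only passed_ports misses."""
    found = (data_endpoint(line, server_ip) for line in session)
    return [ep for ep in found if ep and ep[2] not in passed_ports]

# Constructed control-channel transcript (documentation addresses, RFC 5737)
SESSION = [
    "220 FTP server ready",
    "USER demo",
    "230 User logged in",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "EPSV",
    "229 Entering Extended Passive Mode (|||50123|)",
    "PORT 198,51,100,7,4,1",
]

if __name__ == "__main__":
    for mode, ip, port in uncovered_data_ports(SESSION, "192.0.2.10"):
        print(f"{mode:7s} data connection to {ip}:{port} not covered by a port-21 rule")
```

Every endpoint it reports is negotiated at run time, which is why a static rule for port 21 lets the control connection through but leaves the data transfer blocked.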