Date: Tue, 29 May 2007 13:10:11 +0300
From: "Abdullah Ibn Hamad Al-Marri" <almarrie@gmail.com>
To: "zhouyi zhou" <zhouzhouyi@ercist.iscas.ac.cn>
Cc: Volker <volker@vwsoft.com>, freebsd-pf@freebsd.org
Subject: Re: have anyone configured "synproxy state" beforce
Message-ID: <499c70c0705290310r125510f3ibba97895bcd105c9@mail.gmail.com>
In-Reply-To: <20070529171917.23c348f6.zhouzhouyi@ercist.iscas.ac.cn>
References: <007001c7a122$38fd41b0$1c024dd2@iosdf17a8152bc> <465BED72.6090100@vwsoft.com> <20070529171917.23c348f6.zhouzhouyi@ercist.iscas.ac.cn>

On 5/29/07, zhouyi zhou <zhouzhouyi@ercist.iscas.ac.cn> wrote:
> Dear Mr. Volker
> Thank you very much
> Zelest persuaded me to add a "set skip on lo0".
> That becomes:
> set skip on lo0
> pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy stat\e
> Sincerely yours
> Zhouyi Zhou
> On Tue, 29 May 2007 11:08:02 +0200
> Volker <volker@vwsoft.com> wrote:
>
> > On 05/28/07 14:17, Zhouyi Zhou wrote:
> > > Hi everyone (in particular Max :-))
> > > The configuration line in my pf.conf is:
> > > pass in quick on lo0 proto tcp from any to any port 21 flags S/SA synproxy
> > > state
> > >
> > > But:
> > > the connection is established, but the control did not seem to pass to the
> > > ftpd
> > > Sincerely yours
> > > Zhouyi Zhou
> >
> > Zhouyi,
> >
> > security@ is the wrong mailing list. Please post questions like this
> > to pf@.
> >
> > I'm wondering where this traffic originates? You're using interface
> > lo0 which will (most likely) be used for traffic on the local machine
> > but you should not find much traffic on that interface from other hosts.
> >
> > As you're using 21/tcp I assume you're playing with ftp traffic. Ftp
> > is not just using that single (control) port but a pair of 21/tcp and
> > a dynamically allocated port. You have to pass that traffic, too, or
> > otherwise no data communication will be established. Also it is most
> > likely that you will have to use an FTP proxy.
> >
> > I suspect your whole problem is really not synproxy related.
> >
> > HTH
> >
> > Volker
> >
> >
> > > (Sorry for the previously base64 encoded mail caused by M$ outlook)
> > PS: FreeBSD is also great for workstations! :)

Please make sure you fix the typos in your rule; it's state and not stat\e

pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy state

As for Volker he is a real helpful guy, thank you Volker :)

-- 
Regards,

-Abdullah Ibn Hamad Al-Marri
Arab Portal
http://www.WeArab.Net/
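
Added example, not part of the original thread or written by any of its participants: a pf.conf fragment that combines the corrected synproxy rule with Volker's point that FTP needs more than 21/tcp. The interface `rl0`, `set skip on lo0` and the port-21 rule come from the thread; the macro names, the passive port range and the use of `keep state` on the data ports are assumptions.

```conf
# Added example (not from the thread). rl0, "set skip on lo0" and the
# synproxy rule are from the posts; items marked "assumption" are illustrative.

ext_if     = "rl0"
# Assumption: ftpd hands out passive data ports from FreeBSD's default high
# range (net.inet.ip.portrange.hifirst..hilast). Adjust to match your ftpd,
# and narrow it where the daemon allows a smaller range.
pasv_ports = "49152:65535"

# Loopback is not filtered at all, so no synproxy rule is placed on lo0.
set skip on lo0

# Control connection: pf completes the TCP handshake with the client itself
# and only then opens the connection to ftpd.
pass in quick on $ext_if proto tcp from any to ($ext_if) port 21 \
    flags S/SA synproxy state

# Passive-mode data connections: the client connects to a dynamically
# allocated port on the server, which the port-21 rule does not cover.
pass in quick on $ext_if proto tcp from any to ($ext_if) port $pasv_ports \
    flags S/SA keep state

# Active-mode data connections: ftpd connects out from port 20 to the client.
pass out quick on $ext_if proto tcp from ($ext_if) port 20 to any \
    flags S/SA keep state
```

The ruleset can be parsed without loading it using `pfctl -nf /etc/pf.conf`, which would have flagged the `stat\e` typo before it reached the running firewall.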