Date:      Tue, 29 May 2007 11:08:02 +0200
From:      Volker <volker@vwsoft.com>
To:        Zhouyi Zhou <zhouzhouyi@ercist.iscas.ac.cn>
Cc:        mlaier@FreeBSD.org, "FreeBSD \(PF\)" <freebsd-pf@freebsd.org>
Subject:   Re: have anyone configured "synproxy state" beforce
Message-ID:  <465BED72.6090100@vwsoft.com>
In-Reply-To: <007001c7a122$38fd41b0$1c024dd2@iosdf17a8152bc>
References:  <007001c7a122$38fd41b0$1c024dd2@iosdf17a8152bc>

On 05/28/07 14:17, Zhouyi Zhou wrote:
> Hi everyone (in particular Max :-)),
>  The configuration line in my pf.conf is:
>  pass in quick on lo0 proto tcp from any to any port 21 flags S/SA synproxy state
> 
>  But:
>  the connection is established, but the control did not seem to pass to the 
> ftpd
> Sincerely yours
> Zhouyi Zhou 

Zhouyi,

security@ is the wrong mailing list. Please post questions like this
to pf@.

I'm wondering where this traffic originates? You're using interface
lo0 which will (most likely) be used for traffic on the local machine
but you should not find much traffic on that interface from other hosts.

As you're using 21/tcp I assume you're playing with ftp traffic. Ftp
is not just using that single (control) port but a pair of 21/tcp and
a dynamically allocated port. You have to pass that traffic, too, or
otherwise no data communication will be established. Also it is most
likely that you will have to use an FTP proxy.

I suspect your whole problem is really not synproxy related.

HTH

Volker


>  (Sorry for the previously base64 encoded mail caused by M$ outlook)
PS: FreeBSD is also great for workstations! :)
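
The reply's point about the dynamically allocated data port, shown as an added example that is not part of the original message: the data endpoint is announced inside the control connection, so a filter that only passes 21/tcp never learns it, and an FTP proxy has to read these lines to open the matching port. The function names and the transcript below are constructed for illustration.

```python
import re

# Control-channel (21/tcp) lines that announce where the data connection will go.
_HP = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")
_EPRT = re.compile(r"^EPRT (.)[12]\1([^ ]+?)\1(\d{1,5})\1$", re.I)

def data_endpoint(line):
    """Return (mode, host, port) announced by one control line, or None.
    host is None for EPSV: the client reuses the server's control address."""
    line = line.strip()
    pasv, port = line.startswith("227 "), line.upper().startswith("PORT ")
    if pasv or port:
        m = _HP.search(line)
        n = [int(x) for x in m.groups()] if m else []
        if not n or max(n) > 255:
            return None
        # RFC 959 encoding: four address octets, then port = p1 * 256 + p2
        return ("passive" if pasv else "active",
                ".".join(map(str, n[:4])), n[4] * 256 + n[5])
    if line.startswith("229 "):
        m = _EPSV.search(line)
        ok = m and 0 < int(m.group(2)) < 65536
        return ("passive", None, int(m.group(2))) if ok else None
    m = _EPRT.match(line)
    if m and 0 < int(m.group(3)) < 65536:
        return ("active", m.group(2), int(m.group(3)))
    return None

def data_endpoints(transcript):
    """Collect every data endpoint negotiated in a control-channel transcript."""
    return [e for e in map(data_endpoint, transcript.splitlines()) if e]

# Constructed transcript for illustration (not captured traffic).
SAMPLE = """\
220 ftp.example.test ready
PASV
227 Entering Passive Mode (192,0,2,10,195,80)
PORT 192,0,2,55,4,1
200 PORT command successful
EPSV
229 Entering Extended Passive Mode (|||6446|)
EPRT |2|2001:db8::55|5282|
"""

if __name__ == "__main__":
    for mode, host, port in data_endpoints(SAMPLE):
        print(mode, host or "(control address)", port)
```

None of the four negotiated ports is 21, which is why the single rule in the quoted pf.conf cannot cover the data connection.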


