On 5/29/07, zhouyi zhou <[EMAIL PROTECTED]> wrote:
Dear Mr. Volker
 Thank you very much
 Zelest persuaded me to add a "set skip on lo0".
 That becomes:
set skip on lo0
pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy 
stat\e
Sincerely yours
Zhouyi Zhou
On Tue, 29 May 2007 11:08:02 +0200
Volker <[EMAIL PROTECTED]> wrote:

> On 05/28/07 14:17, Zhouyi Zhou wrote:
> > Hi everyone (in particular Max :-))
> >  The configuration line in my pf.conf is:
> >  pass in quick on lo0 proto tcp from any to any port 21 flags S/SA synproxy
> > state
> >
> >  But:
> >  the connection is established, but the control did not seem to pass to the
> > ftpd
> > Sincerely yours
> > Zhouyi Zhou
>
> Zhouyi,
>
> security@ is the wrong mailing list. Please post questions like this
> to [EMAIL PROTECTED]
>
> I'm wondering where this traffic originates? You're using interface
> lo0 which will (most likely) be used for traffic on the local machine
>  but you should not find much traffic on that interface from other hosts.
>
> As you're using 21/tcp I assume you're playing with ftp traffic. Ftp
> is not just using that single (control) port but a pair of 21/tcp and
> a dynamically allocated port. You have to pass that traffic, too, or
> otherwise no data communication will be established. Also it is most
> likely that you will have to use an FTP proxy.
>
> I suspect your whole problem is really not synproxy related.
>
> HTH
>
> Volker
>
>
> >  (Sorry for the previously base64-encoded mail caused by M$ outlook)
> PS: FreeBSD is also great for workstations! :)

Please make sure you fix the typos in your rule; it's state and not stat\e

pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy state

As for Volker, he is a really helpful guy. Thank you, Volker :)


--
Regards,

-Abdullah Ibn Hamad Al-Marri
Arab Portal
http://www.WeArab.Net/
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
