It is state and surely not stat\e, sorry for the error :-) On Tue, 29 May 2007 13:10:11 +0300 "Abdullah Ibn Hamad Al-Marri" <[EMAIL PROTECTED]> wrote:
> On 5/29/07, zhouyi zhou <[EMAIL PROTECTED]> wrote: > > Dear Mr. Volker > > Thank you very much > > Zelest persuade me add a "set skip on lo0". > > That becomes: > > set skip on lo0 > > pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy > > stat\e > > Sincerely yours > > Zhouyi Zhou > > On Tue, 29 May 2007 11:08:02 +0200 > > Volker <[EMAIL PROTECTED]> wrote: > > > > > On 05/28/07 14:17, Zhouyi Zhou wrote: > > > > high everyone,( in pariticular Max :-)) > > > > The configuration line in my pf.conf is: > > > > pass in quick on lo0 proto tcp from any to any port 21 flags S/SA > > > > synproxy > > > > state > > > > > > > > But: > > > > the connection is established, but the control did not seams to pass > > > > to the > > > > ftpd > > > > Sincerely yours > > > > Zhouyi Zhou > > > > > > Zhouyi, > > > > > > security@ is the wrong mailing list. Please post questions like this > > > to [EMAIL PROTECTED] > > > > > > I'm wondering where this traffic originates? You're using interface > > > lo0 which will (most likely) be used for traffic on the local machine > > > but you should not find much traffic on that interface from other hosts. > > > > > > As you're using 21/tcp I assume you're playing with ftp traffic. Ftp > > > is not just using that single (control) port but a pair of 21/tcp and > > > a dynamic allocated port. You have to pass that traffic, too or > > > otherwise no data communication will be established. Also it is most > > > likely that you will have to use an FTP proxy. > > > > > > I suspect your whole problem is really not synproxy related. > > > > > > HTH > > > > > > Volker > > > > > > > > > > (Sorry for the previouly base64 encode mail caused by M$ outlook) > > > PS: FreeBSD is also great for workstations! :) > > Please make sure you fix the typos in your rule it's state and not stat\e > > pass in quick on rl0 proto tcp from any to any port=21 flags S/SA synproxy > state > > As for Volker he is a real helpful guy, thank you Volker :) > > > -- > Regards, > > -Abdullah Ibn Hamad Al-Marri > Arab Portal > http://www.WeArab.Net/ > _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
