Hello! Sorry for the stupid question.

Part of pf.conf:

....
pass in on $ext_if proto tcp from any to any port 21 keep state
pass in on $ext_if proto tcp from any to any port > 49151 keep state
...
block return-rst in log on $ext_if proto tcp all

Part of log file:

Feb 27 14:56:46.142988 rule 59/(match) block in on em0: a.b.c.d.54506 > e.f.g.h.49887: [|tcp] (DF)

PF debug output for rule #59:

@59 block return-rst in log on em0 proto tcp all
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]

PF debug output for my FTP rule:

@48 pass in on em0 proto tcp from any to any port > 49151 keep state
[ Skip steps: d=50 sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]

and rule #50:

@50 pass out all keep state
[ Skip steps: f=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]

sysctl:

net.inet.ip.porthifirst=49152
net.inet.ip.porthilast=65535

Why can't I establish an FTP connection with the host? Where am I wrong?

Same problem with udp/53:

pass in inet proto tcp from any to my.ip.address.com port = 53 keep state #flags S/SA modulate state
block return-icmp in log on $ext_if proto udp all

doesn't allow incoming connections from another host (dig server.name @this.host)

Thank you for the help!

--
Thank you.
Vladimir. Y. Plotnikov, http://www.smartwebco.com/
Cell Phone +420-774-311-015
ICQ: 24270826, skype ID: vladimirplotnikov
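
An added example, not part of the original post: a simplified Python model of pf's rule evaluation (the last matching rule decides unless a matching rule carries `quick`), run against the rules quoted above. Rule numbers 47, 58 and 60, the position of the DNS rule, and the `quick` variant are assumptions made for the illustration; state tracking is not modelled.

```python
# Simplified model of pf rule evaluation (added example, not pf's own code).
# Assumption: the last matching rule wins unless a matching rule has `quick`.
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Rule:
    num: int                      # rule number as in the pf debug output
    action: str                   # "pass" or "block"
    direction: str                # "in" or "out"
    proto: Optional[str]          # "tcp", "udp", or None for any protocol
    dport: Callable[[int], bool]  # destination-port predicate
    quick: bool = False

    def matches(self, direction, proto, dport):
        return (self.direction == direction
                and self.proto in (None, proto)
                and self.dport(dport))


def evaluate(rules, direction, proto, dport):
    """Return (action, rule number); no matching rule means implicit pass."""
    verdict = ("pass", None)
    for rule in rules:
        if rule.matches(direction, proto, dport):
            verdict = (rule.action, rule.num)
            if rule.quick:        # `quick` stops evaluation at this rule
                break
    return verdict


def ruleset(quick=False):
    """Rules from the post; 48, 50 and 59 keep their numbers from the debug
    output, while 47, 58 and 60 are constructed for this example."""
    any_port = lambda p: True
    return [
        Rule(47, "pass", "in", "tcp", lambda p: p == 21, quick),
        Rule(48, "pass", "in", "tcp", lambda p: p > 49151, quick),
        Rule(50, "pass", "out", None, any_port),
        Rule(58, "pass", "in", "tcp", lambda p: p == 53, quick),  # proto tcp
        Rule(59, "block", "in", "tcp", any_port),
        Rule(60, "block", "in", "udp", any_port),
    ]


if __name__ == "__main__":
    print(evaluate(ruleset(), "in", "tcp", 49887))      # packet from the log
    print(evaluate(ruleset(True), "in", "tcp", 49887))  # pass rules with quick
    print(evaluate(ruleset(True), "in", "udp", 53))     # dig uses UDP
```

The first call reproduces the logged verdict for destination port 49887; the last shows that a `proto tcp` pass rule never matches the UDP query that `dig` sends.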