Sorry, of course, this line exists in my config:

@4 pass in quick inet proto tcp from any to my.ip.address.com port = ftp-data keep state
  [ Skip steps: i=44 d=50 f=44 p=44 sa=end sp=end da=12 ]
  [ queue: qname= qid=0 pqname= pqid=0 ]

On 2/27/06, edgarz <[EMAIL PROTECTED]> wrote:
> hi!
> you forgot port 20 (ftp-data)
>
>
> vladimir plotnikov wrote:
> > Hello!
> >
> > Sorry for the stupid question.
> > Part of pf.conf:
> > ....
> > pass in on $ext_if proto tcp from any to any port 21 keep state
> > pass in on $ext_if proto tcp from any to any port > 49151 keep state
> > ...
> > block return-rst in log on $ext_if proto tcp all
> >
> >
> > Part of log file:
> > Feb 27 14:56:46.142988 rule 59/(match) block in on em0: a.b.c.d.54506 > e.f.g.h.49887: [|tcp] (DF)
> >
> >
> > PF debug output for rule #59:
> > @59 block return-rst in log on em0 proto tcp all
> >   [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
> >   [ queue: qname= qid=0 pqname= pqid=0 ]
> >
> > PF debug output for my FTP rule:
> > @48 pass in on em0 proto tcp from any to any port > 49151 keep state
> >   [ Skip steps: d=50 sa=end sp=end da=end ]
> >   [ queue: qname= qid=0 pqname= pqid=0 ]
> >
> > and rule #50:
> > @50 pass out all keep state
> >   [ Skip steps: f=end sa=end sp=end da=end ]
> >   [ queue: qname= qid=0 pqname= pqid=0 ]
> >
> >
> > sysctl:
> > net.inet.ip.porthifirst=49152
> > net.inet.ip.porthilast=65535
> >
> >
> > Why can I not establish an FTP connection with the host? Where am I wrong?
> >
> > Same problem with udp/53:
> > pass in inet proto tcp from any to my.ip.address.com port = 53 keep state #flags S/SA modulate state
> > block return-icmp in log on $ext_if proto udp all
> >
> > doesn't allow incoming connections from another host (dig server.name @this.host)
> >
> > Thank you for your help!
> >
> > --
> > Thank you.
> > Vladimir. Y. Plotnikov, http://www.smartwebco.com/ Cell Phone +420-774-311-015
> > ICQ: 24270826, skype ID: vladimirplotnikov
>

--
Thank you.
Vladimir. Y. Plotnikov, http://www.smartwebco.com/ Cell Phone +420-774-311-015
ICQ: 24270826, skype ID: vladimirplotnikov
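
Added example, not part of the original thread: a simplified Python model of pf rule evaluation (the last matching rule wins unless a matching rule carries quick), run against rules @4, @48, @50 and @59 and the logged packet quoted above. It ignores addresses and existing state entries; the Rule class, evaluate() and the quick variant of rule 48 are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Rule:
    num: int                       # rule number as shown in the pf debug output
    action: str                    # "pass" or "block"
    direction: str                 # "in" or "out"
    proto: Optional[str] = None    # None means any protocol
    iface: Optional[str] = None    # None means any interface
    ports: Optional[range] = None  # destination ports; None means any
    quick: bool = False

    def matches(self, pkt: dict) -> bool:
        return (self.direction == pkt["dir"]
                and self.proto in (None, pkt["proto"])
                and self.iface in (None, pkt["iface"])
                and (self.ports is None or pkt["dport"] in self.ports))

def evaluate(rules, pkt):
    """Last matching rule wins; a matching 'quick' rule ends evaluation."""
    verdict = ("pass", None)       # pf's implicit default when nothing matches
    for rule in sorted(rules, key=lambda r: r.num):
        if rule.matches(pkt):
            verdict = (rule.action, rule.num)
            if rule.quick:
                break
    return verdict

# Rules as quoted in the thread (destination addresses ignored in this model).
RULES = [
    Rule(4, "pass", "in", proto="tcp", ports=range(20, 21), quick=True),
    Rule(48, "pass", "in", proto="tcp", iface="em0", ports=range(49152, 65536)),
    Rule(50, "pass", "out"),
    Rule(59, "block", "in", proto="tcp", iface="em0"),
]

# The logged packet: inbound on em0, TCP, destination port 49887.
LOGGED = {"dir": "in", "iface": "em0", "proto": "tcp", "dport": 49887}

# Hypothetical variant (not from the thread): rule 48 marked 'quick'.
QUICK_48 = [replace(r, quick=True) if r.num == 48 else r for r in RULES]

if __name__ == "__main__":
    print(evaluate(RULES, LOGGED))     # ('block', 59)
    print(evaluate(QUICK_48, LOGGED))  # ('pass', 48)
```

In this model the logged packet matches rule 48 and then rule 59, so the later block rule decides the verdict, which agrees with the "rule 59/(match) block" log entry.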