Hi,

For your FTP issue, see here: http://www.openbsd.org/faq/pf/ftp.html

Wesley. M
www.mouedine.net
www.e-solutions.re

On Wed, 20 Jul 2011 23:26:33 -0700, fqui nonez <fquinon...@gmail.com>
wrote:
> 2011/7/20 fqui nonez <fquinon...@gmail.com>:
>> 2011/7/20 Andres Perera <andre...@zoho.com>:
>>> On Wed, Jul 20, 2011 at 8:49 AM, fqui nonez <fquinon...@gmail.com>
>>> wrote:
>>
>>>>>> On Wed, 20 Jul 2011 01:09:09 -0700, fqui nonez <fquinon...@gmail.com>
>>>>>> wrote:
>>>>>>> Hello
>>>>>>>
>>>>>>> I have an sshd/ftpd/httpd server box, 4.9 stable, and I want to log
>>>>>>> all blocked packets and send them to /var/log/pfblocklog to be read
>>>>>>> with tcpdump. What and where should the rule be?
>>
>>>>>>> Thanks for your attention.
>>>>
>>>> Hello
>>>>
>>>> I changed it to:
>>>>
>>>> #    $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
>>>> #
>>>>
>>>> set skip on lo
>>>>
>>>> ### Agregadas por mi: (added by me)
>>>> block log
>>>>
>>>> pass out quick on rl0
>>>>
>>>> antispoof quick for rl0
>>>>
>>>> pass in log on rl0 proto tcp from any to port 22
>>>> pass in log on rl0 proto tcp from any to port 21
>>>> pass in log on rl0 proto tcp from any to port 80
>>>
>>> replace all three by:
>>> pass in log on rl0 proto tcp to port { 21 22 80 }
>>>
>>>>
>>>> ### Fin. (end)
>>>>
>>>> # filter rules and anchor for ftp-proxy(8)
>>>> anchor "ftp-proxy/*"
>>>> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
>>>
>>> you already pass these packets before. redundant rules make pfctl
>>> output hard to read, so change it to:
>>> match in proto tcp to port ftp rdr-to localhost port 8021
>>>
>>
>> Done, thanks again!
>>
> 
> Hello, again.
> 
> I am receiving this message at the client side:
> "425 Can't build data connection: illegal port number"
> then I changed it to:
> 
> #     $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
> 
> set skip on lo
> 
> # filter rules and anchor for ftp-proxy(8)
> anchor "ftp-proxy/*"
> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
> 
> ### Agregadas por mi: (added by me)
> block log
> 
> pass out quick on rl0
> 
> antispoof quick for rl0
> 
> pass in log on rl0 proto tcp from any to port {21 22 80}
> 
> ### Fin. (end)
> 
> #pass         # to establish keep-state
> 
> # By default, do not permit remote connections to X11
> #block in on ! lo0 proto tcp to port 6000:6010
> 
> ftpd is not working correctly with those rules; does somebody see the
> error?
> 
> Thanks for your attention.
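
The FAQ page linked above treats an FTP server that runs on the PF box itself separately from FTP clients sitting behind the firewall (the ftp-proxy case). The ruleset below is an added example, not a configuration from anyone in this thread: it follows the FAQ's server-on-the-firewall case and also shows how to send blocked packets to their own pflog interface, which is what the original question asked for. The interface name rl0 and the three services come from the thread; the pflog1 interface, the log file name, and the assumption that the default ephemeral high port range (sysctl net.inet.ip.porthifirst/porthilast) has not been changed are mine.

```pf
# Added example (not from the thread). OpenBSD 4.9-era pf.conf syntax.
# Box runs sshd, ftpd and httpd itself; every blocked packet is logged to
# pflog1 so it can be captured to a separate file from the default pflog0.
ext_if = "rl0"

set skip on lo

# Default deny. "log (to pflog1)" sends the blocked packet to pflog1
# (assumed name) instead of pflog0, so a second pflogd(8) can write it to
# its own file without mixing in anything else you log.
block log (to pflog1)

# Drop packets with spoofed source addresses on the external interface.
antispoof quick for $ext_if

# Outbound traffic from the box itself.
pass out quick on $ext_if

# Services running on this host. One rule with a list instead of three.
pass in on $ext_if proto tcp to ($ext_if) port { 21 22 80 }

# ftpd(8) on this host answers PASV with a data port from the high port
# range (net.inet.ip.porthifirst to porthilast, 49152:65535 by default,
# assumed unchanged). When the server is the firewall itself, that range
# has to be open for the client to connect; ftp-proxy is only for
# clients behind the firewall, so no ftp-proxy anchor or rdr-to is used.
pass in on $ext_if proto tcp to ($ext_if) port 49152:65535
```

To use the separate log, create the interface (`ifconfig pflog1 create`, or put `up` in /etc/hostname.pflog1 so it exists at boot) and start a second logger with `pflogd -i pflog1 -f /var/log/pfblocklog`; the default pflogd instance keeps writing pflog0 to /var/log/pflog. Read the blocked traffic with `tcpdump -n -e -ttt -r /var/log/pfblocklog`, where `-e` prints the rule number and action for each logged packet. After editing, `pfctl -nf /etc/pf.conf` checks the syntax and `pfctl -f /etc/pf.conf` loads it.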
