Hi,

For your ftp issue, see here: http://www.openbsd.org/faq/pf/ftp.html

Wesley. M
www.mouedine.net
www.e-solutions.re

On Wed, 20 Jul 2011 23:26:33 -0700, fqui nonez <fquinon...@gmail.com> wrote:
> 2011/7/20 fqui nonez <fquinon...@gmail.com>:
>> 2011/7/20 Andres Perera <andre...@zoho.com>:
>>> On Wed, Jul 20, 2011 at 8:49 AM, fqui nonez <fquinon...@gmail.com> wrote:
>>
>>>>>> On Wed, 20 Jul 2011 01:09:09 -0700, fqui nonez <fquinon...@gmail.com> wrote:
>>>>>>> Hello
>>>>>>>
>>>>>>> I have a sshd/ftpd/httpd server box, 4.9 stable; and I want to log all
>>>>>>> blocked packets, and send them to /var/log/pfblocklog to be read with
>>>>>>> tcpdump. What and where should be the rule?
>>
>>>>>>> Thanks for your attention.
>>>>
>>>> Hello
>>>>
>>>> I changed it to:
>>>>
>>>> # $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
>>>> #
>>>>
>>>> set skip on lo
>>>>
>>>> ### Added by me:
>>>> block log
>>>>
>>>> pass out quick on rl0
>>>>
>>>> antispoof quick for rl0
>>>>
>>>> pass in log on rl0 proto tcp from any to port 22
>>>> pass in log on rl0 proto tcp from any to port 21
>>>> pass in log on rl0 proto tcp from any to port 80
>>>
>>> replace all three by:
>>> pass in log on rl0 proto tcp to port { 21 22 80 }
>>>
>>>>
>>>> ### End.
>>>>
>>>> # filter rules and anchor for ftp-proxy(8)
>>>> anchor "ftp-proxy/*"
>>>> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
>>>
>>> you already pass these packets before. redundant rules make pfctl
>>> output hard to read, so change it to:
>>> match in proto tcp to port ftp rdr-to localhost port 8021
>>>
>>
>> Done, thanks again!
>>
>
> Hello, again.
>
> I am receiving this message at client side:
> "425 Can't build data connection: illegal port number"
> then, I changed it to:
>
> # $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
>
> set skip on lo
>
> # filter rules and anchor for ftp-proxy(8)
> anchor "ftp-proxy/*"
> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
>
> ### Added by me:
> block log
>
> pass out quick on rl0
>
> antispoof quick for rl0
>
> pass in log on rl0 proto tcp from any to port {21 22 80}
>
> ### End.
>
> #pass # to establish keep-state
>
> # By default, do not permit remote connections to X11
> #block in on ! lo0 proto tcp to port 6000:6010
>
> ftpd is not working correctly with those rules; does somebody see the
> error?
>
> Thanks for your attention.
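The original question in the thread (how to read the packets that the `block log` rule drops with tcpdump) is not answered above. The script below is an added example, not part of the thread, and assumes an OpenBSD box where pflogd(8) writes the pflog file (default /var/log/pflog; the /var/log/pfblocklog path from the question is assumed to be set via `pflogd_flags="-f /var/log/pfblocklog"` in /etc/rc.conf.local) and the pflog-aware tcpdump(8) from the base system.

```shell
#!/bin/sh
# Added example: triage the packets logged by "block log" in pf.conf.
# dump_blocked reads the pflog file with the base-system tcpdump, keeping
# only inbound TCP packets that pf blocked ("action block" and "inbound" are
# pflog filter primitives of OpenBSD's tcpdump). summarize_blocked reduces
# those lines to "count src_ip dst_port", most frequent first, so a
# repeated probe of one port from one host stands out.

# Print raw pflog records for blocked inbound TCP packets.
# $1: pflog file, default /var/log/pflog (use /var/log/pfblocklog if pflogd
# was started with -f /var/log/pfblocklog as the original poster wanted).
dump_blocked() {
    tcpdump -n -e -ttt -r "${1:-/var/log/pflog}" action block and inbound and tcp
}

# Summarise tcpdump pflog lines read from stdin. A record looks like:
#   000001 rule 1/(match) block in on rl0: 203.0.113.7.51234 > 192.0.2.10.23: S ...
# Only "block in" records are counted; "pass" records are ignored.
summarize_blocked() {
    awk '
        /block in on/ {
            # Locate the "src.port > dst.port:" triple anywhere on the line.
            for (i = 1; i <= NF; i++) if ($i == ">") { src = $(i-1); dst = $(i+1) }
            sub(/\.[0-9]+$/, "", src)                   # drop the source port
            sub(/:$/, "", dst); n = split(dst, p, "."); # last dotted field is dst port
            count[src " " p[n]]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Usage: sh thisscript.sh --run [pflog-file]
if [ "$1" = "--run" ]; then
    dump_blocked "$2" | summarize_blocked
fi
```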