ftp woes

2003-05-27 Thread Bryan Irvine
I'm having problems using an FTP server on a DMZ. I thought initially the problem was with the ftp-proxy, but I've commented out those lines. With still no luck. The relevant parts of the pf.conf file are here. WAN = xl0 DMZ = xl3 LOOPBACK = lo0 LAN1 = xl1 LAN2 = xl2 LANS = { $LAN1 $LAN2 }

Re: ftp woes

2003-05-27 Thread j knight
Bryan Irvine wrote: I'm having problems using an FTP server on a DMZ. I thought initially the problem was with the ftp-proxy, but I've commented out those lines. With still no luck. You're being way too sparse on details, but I'll take a stab at it. The relevant parts of the pf.conf file are

portable pf

2003-05-27 Thread Paul B. Henson
Is there any widespread interest in developing a portable version of pf, similar to portable ssh? I know some efforts have been made to port it to other BSD variants, but I would be very interested in a Solaris port. I've used ipf under Solaris for a long time, however pf has long since overtaken

Re: ftp woes

2003-05-27 Thread Bryan Irvine
I'm trying to get active working. I've been fidgeting with it all day and here's the ruleset that finally got passive to work. # pass in quick on $WAN proto { tcp udp } from any to $FTPServer port { \ ftp ftp-data } keep state pass in

Re: Re[2]: packet checksum

2003-05-27 Thread Justin Honold
Yep. But I've read awful comments about the XL. In fact I've spent quite a lot of money (for me, at least :-) to replace all my XL for Intel 82559 (fxp). Now I see it doesn't support such features. Am I missing something? As I can't see any references to checksum offloading in the fxp

Re: ftp woes

2003-05-27 Thread Bryan Irvine
Here's what it looks like now. pass in quick on $WAN inet proto tcp from any to $FTPServer port { ftp,\ ftp-data, 1023 } flags S/SA keep state pass in on $WAN inet proto tcp from any to $FTPServer port www keep \ state It pretty much does the same thing...takes forever for the login prompt to come

Re: Re[2]: packet checksum

2003-05-27 Thread Justin Honold
http://www.intel.com/network/connectivity/products/pro100srvr.htm boasts cksumming for the server 82559 That doesn't say whether we support it. If memory serves me right especially the fxp's had some great fuckup in that area, but I might misremember. understood. i recall reading

Re: ftp woes

2003-05-27 Thread Bryan Irvine
arrgghh! ok I must be missing something really simple. on to my famous ascii art!! [internet]---[OBSD]---[DMZ with ftp server] -public range no on a NAT / \ / NAT2 (connects fine to ftp server in active mode) NAT1 (also connects just fine in active

Re: pflogd

2003-05-27 Thread Trevor Talbot
On Tuesday, May 27, 2003, at 08:30 US/Pacific, Uwe Dippel wrote: --- Dries Schellekens [EMAIL PROTECTED] wrote: What is the suggested policy to do here ? flush ? simply -f ? nothing ? (I have an ADSL with dynamic address) The suggested policy is described in the official PF FAQ and in

Re: portable pf

2003-05-27 Thread Max Laier
From: Paul B. Henson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 27, 2003 9:05 PM Subject: portable pf Is there any widespread interest in developing a portable version of pf, similar to portable ssh? I know some efforts have been made to port it to other BSD variants, but I

Re: ftp woes

2003-05-27 Thread Trevor Talbot
On Tuesday, May 27, 2003, at 14:39 US/Pacific, Bryan Irvine wrote: [internet]---[OBSD]---[DMZ with ftp server] -public range no on a NAT / \ / NAT2 (connects fine to ftp server in active mode) NAT1 (also connects just fine in active mode) Clients on the

Re: ftp woes

2003-05-27 Thread Bryan Irvine
16:02:12.855960 12-213-225-238.client.attbi.com.42840 64-1-201-147.daf.concentric.net.ftp: . ack 1 win 17376 nop,nop,timestamp 901947366 1577248712 (DF) 16:02:12.859376 64-1-201-147.daf.concentric.net.38315 knox2.horvitznewspapers.net.domain: 52301+ PTR? 238.225.213.12.in-addr.arpa. (45) It

Window Length

2003-05-27 Thread Dave Wintrip
I was wondering if there are any plans to include support for filtering by window length in pf any time in the future? I believe this would be a valuable feature to stop DDoS attacks, as they are usually all the same window length, and I'm sure most of us have been in the situation where we

Re: Window Length

2003-05-27 Thread Jolan Luff
On Tue, May 27, 2003 at 09:32:05PM -0400, Dave Wintrip wrote: I was wondering if there are any plans to include support for filtering by window length in pf any time in the future? I believe this would be a valuable feature to stop DDoS attacks, as they are usually all the same window length,

Re: Window Length

2003-05-27 Thread Trevor Talbot
On Tuesday, May 27, 2003, at 18:32 US/Pacific, Dave Wintrip wrote: I was wondering if there are any plans to include support for filtering by window length in pf any time in the future? I believe this would be a valuable feature to stop DDoS attacks, as they are usually all the same window length,