I've started learning pf, and have made some simple pf.conf
Everything works, except ftp. I even got torrents to work
I've read http://www.openbsd.org/faq/pf/ftp.html but somehow I can't get ftp to work....
/etc/pf.conf
Code:
ext_if = "rl0"
ext_ip = "192.168.128.100"
lo_if = "lo0"
net_type = "inet"
ssh_port = "60386"
torrent_tcp_port = "6890"
torrent_udp_port = "6881"
common_pass = "{ http, https, domain, ftp, ftp-data, imaps, nameserver, nicname, xmpp-client, silc, ntp," $ssh_port "}"
tcp_pass = "{ ircd, ftp-proxy }"
#udp_pass = "{ }"
common_block = "{ ssh, telnet }"
#tcp_block = "{ }"
#udp_block = "{ }"
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $ext_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
antispoof log for $ext_if
# Block and log everything
block log all
# except lo0
pass quick on $lo_if all
# block default ssh port and telnet port
block quick log on $ext_if proto { tcp, udp } from any to any port $common_block
# Enable Torrents tcp
pass in quick on $ext_if $net_type proto tcp from any to $ext_ip port $torrent_tcp_port keep state
pass out quick on $ext_if $net_type proto tcp from $ext_ip port $torrent_tcp_port to any keep state
# Enable Torrents udp
pass in quick on $ext_if $net_type proto udp from any to $ext_ip port $torrent_udp_port keep state
pass out quick on $ext_if $net_type proto udp from $ext_ip port $torrent_udp_port to any keep state
# Enable Torrents listen for incoming connections
pass in on $ext_if $net_type proto tcp from any to $ext_ip port 10000:65000 keep state
# Enable services on TCP and UDP
pass in log on $ext_if $net_type proto { tcp, udp } from any to $ext_ip port $common_pass
pass out log on $ext_if $net_type proto { tcp, udp } from $ext_ip to any port $common_pass
# Enable services on TCP
pass in log on $ext_if $net_type proto tcp from any to $ext_ip port $tcp_pass
pass out log on $ext_if $net_type proto tcp from $ext_ip to any port $tcp_pass
/etc/rc.conf
Code:
ifconfig_rl0="inet 192.168.128.100 netmask 0xffffff00"
defaultrouter="192.168.128.1"
hostname="killasmurf86.homepc"
pf_enable="YES"
pflog_enable="YES"
ftpproxy_enable="YES"
Here's what's happening after I try to connect to my ISP's ftp server:
Code:
# tcpdump -ttt -n -e -r /var/log/pflog | grep 83.241.1.212
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
00:00:00.001914 rule 50/0(match): pass out on rl0: 192.168.128.100.64961 > 83.241.1.212.21: Flags [S], seq 3701767531, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS[|tcp]>
00:00:00.164179 rule 8/0(match): block out on rl0: 192.168.128.100.24090 > 83.241.1.212.12912: Flags [S], seq 680468111, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS[|tcp]>
00:00:00.004795 rule 8/0(match): block out on rl0: 192.168.128.100.53138 > 83.241.1.212.8637: Flags [S], seq 803526260, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS[|tcp]>
Any ideas what I did wrong? I'm already hitting my head against the wall
:OOO
This is my desktop PC behind wireless router.
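The pflog excerpt above already tells the story if you read it as a sequence: the SYN to 83.241.1.212 port 21 was passed out directly by filter rule 50 (the pass out rule for $common_pass, which includes ftp), and the two SYNs that follow, to ports 12912 and 8637 on the same server, were dropped by rule 8, the catch-all block. Those are the passive-mode data connections the client opens after PASV; no pass out rule covers an arbitrary destination port, so they die. The control connection also shows the rdr rule never fired: rdr translates packets that arrive on the named interface, and a connection originated by the host itself leaves on rl0 rather than arriving on it, so it is never steered to ftp-proxy at 127.0.0.1:8021 and the proxy never gets the chance to open the data ports. The script below is an added example, not part of the original post, that automates this reading of `tcpdump -ttt -n -e -r /var/log/pflog` output: it parses each logged SYN, records the FTP control session, and reports every later blocked SYN to or from that server as a passive-mode (outbound, high port) or active-mode (inbound, from port 20) data connection. The sample log it runs on is constructed from the lines in the post plus one invented active-mode line; the function and field names are mine.

```python
"""Correlate pflog SYN records to spot FTP data connections killed by a pf ruleset.

Added example, not code from the original post.  Input is the text produced by
`tcpdump -ttt -n -e -r /var/log/pflog`.  The control connection (destination
port 21) identifies the FTP server; every later blocked SYN to a high port on
that server is a passive-mode data connection, every blocked SYN arriving from
the server's port 20 is an active-mode one.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample modelled on the post's tcpdump output (the last line is an
# invented active-mode data connection; it is not in the original log).
SAMPLE_PFLOG = """\
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
00:00:00.001914 rule 50/0(match): pass out on rl0: 192.168.128.100.64961 > 83.241.1.212.21: Flags [S], seq 3701767531, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS[|tcp]>
00:00:00.164179 rule 8/0(match): block out on rl0: 192.168.128.100.24090 > 83.241.1.212.12912: Flags [S], seq 680468111, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS[|tcp]>
00:00:00.004795 rule 8/0(match): block out on rl0: 192.168.128.100.53138 > 83.241.1.212.8637: Flags [S], seq 803526260, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS[|tcp]>
00:00:01.500000 rule 8/0(match): block in on rl0: 83.241.1.212.20 > 192.168.128.100.55123: Flags [S], seq 1, win 65535, options [mss 1460]
"""

# One TCP record as tcpdump prints it for the pflog link type: timestamp, the
# filter rule number that matched, action, direction, interface, endpoints, flags.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) rule (?P<rule>\d+)/\d+\(match\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


class Entry(NamedTuple):
    ts: str
    rule: int
    action: str
    direction: str
    iface: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


class Finding(NamedTuple):
    mode: str         # "passive" or "active"
    server: str
    local_port: int
    remote_port: int
    rule: int         # the filter rule that dropped the data connection


def parse_pflog(text: str) -> List[Entry]:
    """Parse tcpdump pflog text; lines that are not TCP records (the banner, UDP) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["rule"]), m["action"], m["dir"], m["iface"],
                                 m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]))
    return entries


def analyse(text: str, ftp_port: int = 21) -> Tuple[Dict[str, Tuple[int, str]], List[Finding]]:
    """Return ({server: (rule, action)} for control SYNs, [Finding] for blocked data SYNs)."""
    sessions: Dict[str, Tuple[int, str]] = {}
    findings: List[Finding] = []
    for e in parse_pflog(text):
        if e.flags != "S":            # only pure SYNs, i.e. new connection attempts, matter
            continue
        if e.direction == "out" and e.dport == ftp_port:
            sessions[e.dst] = (e.rule, e.action)   # control connection, proxied or not
            continue
        if e.action != "block":
            continue
        if e.direction == "out" and e.dst in sessions:
            # client -> server high port: PASV data connection dropped on the way out
            findings.append(Finding("passive", e.dst, e.sport, e.dport, e.rule))
        elif e.direction == "in" and e.src in sessions and e.sport == ftp_port - 1:
            # server port 20 -> client: PORT data connection dropped on the way in
            findings.append(Finding("active", e.src, e.dport, e.sport, e.rule))
    return sessions, findings


def summarise(text: str) -> List[str]:
    """Human-readable lines, one per control session and one per blocked data connection."""
    sessions, findings = analyse(text)
    out = []
    for server, (rule, action) in sessions.items():
        out.append(f"control connection to {server}:21 was '{action}' by rule {rule} "
                   f"(sent straight to the server, not via the local ftp-proxy)")
    for f in findings:
        out.append(f"{f.mode} data connection {f.server}:{f.remote_port} "
                   f"<-> local port {f.local_port} blocked by rule {f.rule}")
    return out


if __name__ == "__main__":
    for line in summarise(SAMPLE_PFLOG):
        print(line)
```

Run it against a real capture with `tcpdump -ttt -n -e -r /var/log/pflog | python3 ftp_pflog.py` after changing the `__main__` block to read `sys.stdin`; a session whose control SYN shows the server's address rather than 127.0.0.1:8021 as the destination, followed by blocked high-port SYNs, is exactly the pattern in the post.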