
IPF question



Can someone please tell me what I am doing wrong in my rule set? I can ftp
into my network but not do an ls / dir: once I connect it just sits there.

Here is my config, with 1 IP running NAT:
# Interface information
#
# fxp0 - External
# fxp1 - Internal
#-----------------------------------------------
# Group Setup
#
# Block the nasties
#block in log quick on fxp0 proto tcp from any to any flags FUP
#block in quick on fxp0 proto icmp from any to any icmp-type redir
#block in log quick on fxp0 proto tcp/udp from any to any with short
#block in log quick on fxp0 from any to any with ipopts head 100
#block in log on fxp0 proto tcp from any to any flags S/SA head 200
#block return-rst in log on fxp0 proto tcp from any to any flags S/SA
#block return-rst in on fxp0 proto tcp from any to any port = auth flags S/SA

# Blocked private address from outside the firewall
#block in log quick on fxp0 from 192.168.4.0/24 to any
#block in log quick on fxp0 from 127.0.0.1 to any
#block in log quick on fxp0 from 10.0.0.0/8 to any
#block in log quick on fxp0 from 172.16.0.0/12 to any

# Block other nasties like unweilded udp and sunrpc

# Block ICMP Inbound/Allow outbound but allow traceroute

# Allow Well Known Services from internal hosts
pass in on fxp0 proto tcp/udp from any to any port = 21 keep state
pass out on fxp0 proto tcp/udp from any to any port = 21 keep state
pass in on fxp0 proto tcp from any to any port = 22 keep state
pass in on fxp0 proto tcp from any to any port = 23 keep state
pass in on fxp0 proto tcp from any to any port = 80 keep state
pass in on fxp0 proto tcp from any to 192.168.1.2 port = 113 keep state
pass out on fxp0 proto tcp from any to any port = 113 keep state
pass in on fxp0 proto tcp from any to 192.168.1.2 port = 1080 keep state
pass out on fxp0 proto tcp from any to any port = 1080 keep state
pass in on fxp0 proto tcp from any to any port 21330 >< 21332 keep state
pass out on fxo0 from 192.168.1.0/24 to any keep state
pass in on fxp1 from any to any keep state
pass out on fxp1 from any to any keep state
pass in quick proto tcp from any to any port = ftp keep state group 201
pass in quick proto tcp from any to any port = ftp-data keep state group 201
pass in quick proto tcp from any port = ftp-data to any port > 1023 keep state group 101
pass in on fxp0 proto tcp/udp from any to any port 5500 >< 5900 keep state

Any help would be great.....

l8tr
--------------------------------------------
It said requires windows 95 or better, so i
installed OpenBSD.
---------------------------------------------
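
A lint pass over the rule set posted above, as an added example that is not part of the original message: it flags `on` interfaces that are not among the two named in the config's header comments, and `group N` rules for which no uncommented `head N` rule exists (IPFilter reaches grouped rules only through a matching head rule). The `lint` function and the embedded sample, a subset of the posted rules, are constructed for illustration.

```python
import re

# Constructed sample: a subset of the rules from the post above, plus the
# two interface names its header comments declare (fxp0 external, fxp1 internal).
DECLARED_IFACES = {"fxp0", "fxp1"}
RULES = """\
#block in log quick on fxp0 from any to any with ipopts head 100
#block in log on fxp0 proto tcp from any to any flags S/SA head 200
pass in on fxp0 proto tcp/udp from any to any port = 21 keep state
pass out on fxo0 from 192.168.1.0/24 to any keep state
pass in on fxp1 from any to any keep state
pass in quick proto tcp from any to any port = ftp keep state group 201
pass in quick proto tcp from any port = ftp-data to any port > 1023 keep state group 101
"""


def lint(text, ifaces):
    """Return (line_no, message) findings for an ipf.conf-style rule set."""
    # Keep only active rules: drop '#' comments and blank lines.
    active = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if line:
            active.append((no, line))

    # Group numbers that an uncommented rule actually creates with 'head N'.
    heads = set()
    for _, line in active:
        heads.update(re.findall(r"\bhead (\d+)\b", line))

    findings = []
    for no, line in active:
        m = re.search(r"\bon (\S+)", line)
        if m and m.group(1) not in ifaces:
            findings.append((no, f"unknown interface {m.group(1)!r}"))
        m = re.search(r"\bgroup (\d+)\b", line)
        if m and m.group(1) not in heads:
            findings.append((no, f"group {m.group(1)} has no active head rule"))
    return findings


if __name__ == "__main__":
    for no, msg in lint(RULES, DECLARED_IFACES):
        print(f"line {no}: {msg}")
```
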