
Re: PROBLEMS IPF - FTP



If I'm not mistaken (please correct me if I am mistaken), most ports do 
two-way communication. Therefore you would add this to see if it 
helps (in fact, add lines for each service you want to use):

pass in quick on xl2 from any port = 20 to any
pass in quick on xl2 from any port = 80 to any
etc...

Peter Verhagen

> I have a pair of problems my situation is:
> 
> I have a machine OpenBSD like firewall, and of that I do bridge
> to another machine OpenBSD that its function is NAT.
> 
> My problem is with FTP, at the time of closing all the ports in
> my internal LAN, the FTP dies, nor passive profit to enter.
> 
> 
> |Firewall| --- Bridge --- | Nat | ------ | HUB | ---- Clients
> 
> My ipf.rules:
> 
> #xl0
> pass in quick on xl0 all
> pass out quick on xl0 all
> #xl2
> pass in quick on xl2 from any to any port = 20
> pass in quick on xl2 from any to any port = 21
> pass in quick on xl2 from any to any port = 22
> pass in quick on xl2 from any to any port = 23
> pass in quick on xl2 from any to any port = 53
> pass in quick on xl2 from any to any port = 80
> pass in quick on xl2 from any to any port = 443
> pass in quick on xl2 from any to any port = 25
> pass in quick on xl2 from any to any port = 110
> pass in quick on xl2 from any to any port = 53
> pass in quick on xl2 from any to any port = 524
> pass in quick on xl2 from any to any port = 5190
> pass in quick on xl2 from any to any port = 1863
> pass in quick on xl2 from any to any port = 6667
> block in quick on xl2 all
> pass out quick on xl2 all
> 
> 
> Some solution that they give me so that if it can enter FTP in my
> internal LAN
> 
> Thnx
> :)
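
Added example, not part of either poster's message: a small stateless first-match model of the `quick` rules quoted above, run against constructed packets arriving "in" on xl2, to show which FTP flows each rule set lets through. It assumes every rule is a plain TCP port match and ignores state tracking; `Packet`, `parse`, `evaluate` and `verdicts` are hypothetical names.

```python
import re
from collections import namedtuple

# Hypothetical model: a TCP packet arriving "in" on xl2.
Packet = namedtuple("Packet", "sport dport")
# Subset of the xl2 rules quoted in the thread; all are "quick", so first match wins.
ORIGINAL = """\
pass in quick on xl2 from any to any port = 20
pass in quick on xl2 from any to any port = 21
block in quick on xl2 all
"""
# The source-port rule suggested in the reply, inserted ahead of the final block rule.
SUGGESTED = "pass in quick on xl2 from any port = 20 to any\n"
PATCHED = ORIGINAL.replace("block in", SUGGESTED + "block in")

RULE = re.compile(r"(pass|block) in quick on xl2 "
                  r"(?:all|from any(?: port = (\d+))? to any(?: port = (\d+))?)$")

def parse(text):
    """Return [(action, src_port_or_None, dst_port_or_None), ...] in file order."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        action, sport, dport = m.groups()
        rules.append((action, sport and int(sport), dport and int(dport)))
    return rules

def evaluate(rules, pkt):
    """Stateless evaluation: the first matching quick rule decides."""
    for action, sport, dport in rules:
        if sport in (None, pkt.sport) and dport in (None, pkt.dport):
            return action
    return "pass"  # not reached here: both rule sets end in "block in quick on xl2 all"

# Constructed sample packets (port numbers other than 20 and 21 are arbitrary).
SAMPLES = {
    "control to port 21": Packet(40000, 21),
    "passive data, high port to high port": Packet(40001, 50000),
    "data from source port 20": Packet(20, 40002),
    "non-FTP packet using source port 20": Packet(20, 3306),
}

def verdicts(text):
    return {name: evaluate(parse(text), pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    print(verdicts(ORIGINAL), verdicts(PATCHED), sep="\n")
```

In this model the passive data connection is blocked under both rule sets, and the source-port rule passes any packet whose source port is 20, whatever its destination port.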


