Re: [FUGSPBR] Servidor FTP passando por ipfilter

From:	João Carlos Mendes Luís <jonny@xxxxxxxxxxxx>
To:	fugspbr@xxxxxxxxxxx
Subject:	Re: [FUGSPBR] Servidor FTP passando por ipfilter
Date:	Wed, 29 Sep 2004 22:35:52 -0300

E conexões passivas, voce permitiu?

Obs: execute o comando sysctl net.inet.ip.portrange

Mauricio Bonani wrote:

A porta 20 não é utilizada para uma conexão de dentro para fora?
Do servidor posso tudo para qualquer lugar.

----- Original Message ----- From: "Marcelo Soares ds Costa"<mscosta@xxxxx>

To: <fugspbr@xxxxxxxxxxx>
Sent: Tuesday, September 28, 2004 11:23 AM
Subject: Re: [FUGSPBR] Servidor FTP passando por ipfilter

Não vi a liberação da porta 20 , ftp usa 20 e 21

Marcelo

On Tue, 2004-09-28 at 10:51, Mauricio Bonani wrote:

Olá pessoal, estou com um pequeno problema e recorro a ajuda de vocês.

Uso as regras abaixo, porém ninguém consegue conectar ao meu servidorFTP.

Preciso abrir mais alguma porta?

Modem (200.xxx.xxx.xxx e 10.0.0.138) e servidor (10.0.0.139 e192.168.0.7)


O modem repassa todas as conexões entrantes para o servidor.

# ipfstat -io
pass out quick on lo0 from any to any
skip 2 out from 10.0.0.139/32 to any
skip 1 out from 192.168.0.7/32 to any
skip 10 out from any to any

pass out quick proto icmp from any to 10.0.0.139/32 icmp-type echorepcode 0

keep state

pass out quick proto icmp from any to 10.0.0.139/32 icmp-type echocode 0

keep state

pass out quick proto icmp from any to 192.168.0.7/32 icmp-typeechorep code

0 keep state

pass out quick proto icmp from any to 192.168.0.7/32 icmp-type echocode 0

keep state
pass out quick proto icmp from 10.0.0.139/32 to 192.168.0.0/16 icmp-type
echorep code 0 keep state
pass out quick proto icmp from 10.0.0.139/32 to 192.168.0.0/16 icmp-type
echo code 0 keep state

pass out quick proto icmp from 192.168.0.7/32 to 192.168.0.0/16icmp-type

echorep code 0 keep state

pass out quick proto icmp from 192.168.0.7/32 to 192.168.0.0/16icmp-type

echo code 0 keep state

pass out quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16icmp-type

echorep code 0 keep state

pass out quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16icmp-type

echo code 0 keep state
pass out quick proto icmp from 10.0.0.139/32 to any keep state
pass out quick proto icmp from 192.168.0.7/32 to any keep state
pass out quick proto tcp from 10.0.0.139/32 to any keep state
pass out quick proto tcp from 192.168.0.7/32 to any keep state
pass out quick proto udp from 10.0.0.139/32 to any keep state
pass out quick proto udp from 192.168.0.7/32 to any keep state
pass out quick from 10.0.0.139/32 to any
pass out quick from 192.168.0.7/32 to any
pass out quick proto icmp from 192.168.0.0/16 to any keep state
pass out quick proto tcp from 192.168.0.0/16 to any keep state
pass out quick proto udp from 192.168.0.0/16 to any keep state
pass out quick from 192.168.0.0/16 to any

pass out quick proto tcp from any to 192.168.0.2/32 port = 3389 keepstate

pass out quick proto gre from any to 192.168.0.2/32
block out log quick from any to any
block out quick from any to any
pass in quick on lo0 from any to any
skip 2 in from 10.0.0.139/32 to any
skip 1 in from 192.168.0.7/32 to any
skip 10 in from any to any

pass in quick proto icmp from any to 10.0.0.139/32 icmp-type echorepcode 0

keep state
pass in quick proto icmp from any to 10.0.0.139/32 icmp-type echo code 0
keep state

pass in quick proto icmp from any to 192.168.0.7/32 icmp-type echorepcode 0

keep state

pass in quick proto icmp from any to 192.168.0.7/32 icmp-type echocode 0

keep state
pass in quick proto icmp from 192.168.0.0/16 to 10.0.0.139/32 icmp-type
echorep code 0 keep state

pass in quick proto icmp from 192.168.0.0/16 to 10.0.0.139/32icmp-type echo

code 0 keep state
pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.7/32 icmp-type
echorep code 0 keep state
pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.7/32 icmp-type
echo code 0 keep state
pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16 icmp-type
echorep code 0 keep state
pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16 icmp-type
echo code 0 keep state
pass in quick proto icmp from 192.168.0.0/16 to any keep state
pass in quick proto tcp from 192.168.0.0/16 to any keep state
pass in quick proto udp from 192.168.0.0/16 to any keep state
pass in quick from 192.168.0.0/16 to any
skip 2 in from any to 10.0.0.139/32
skip 1 in from any to 192.168.0.7/32
skip 13 in from any to any
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 53 keep state
pass in quick proto tcp from any to any port = 5901 keep state
pass in quick proto tcp from any to any port = 25 keep state
pass in quick proto tcp from any to any port = 110 keep state
pass in quick proto tcp from any to any port = 3306 keep state
pass in quick proto tcp from any to any port = 10024 keep state
pass in quick proto tcp from any to any port = 10025 keep state
pass in quick proto tcp from any to any port = 80 keep state
pass in quick proto tcp from any to any port = 443 keep state
pass in quick proto tcp from any to any port = 21 keep state
pass in quick proto udp from any to 10.0.0.139/32 port = 53 keep state
pass in quick proto udp from any to 192.168.0.7/32 port = 53 keep state

pass in quick proto tcp from any to 192.168.0.2/32 port = 3389 keepstate

pass in quick proto gre from any to 192.168.0.2/32
block in log quick from any to any
block in quick from any to any

_______________________________________________________________
Para enviar um novo email para a lista: fugspbr@xxxxxxxxxxx
Sair da Lista: http://lists.fugspbr.org/listinfo.cgi
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/


_______________________________________________________________
Para enviar um novo email para a lista: fugspbr@xxxxxxxxxxx
Sair da Lista: http://lists.fugspbr.org/listinfo.cgi

Historico: http://www4.fugspbr.org/lista/html/FUG-BR/



_______________________________________________________________
Para enviar um novo email para a lista: fugspbr@xxxxxxxxxxx
Sair da Lista: http://lists.fugspbr.org/listinfo.cgi
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/



                                        Jonny

--
João Carlos Mendes Luís - Networking Engineer - jonny@xxxxxxxxxxxx
_______________________________________________________________
Para enviar um novo email para a lista: fugspbr@xxxxxxxxxxx
Sair da Lista: http://lists.fugspbr.org/listinfo.cgi
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/

<Anterior na Thread]	Thread Atual	[Próximo na Thread>
[FUGSPBR] Servidor FTP passando por ipfilter, Mauricio Bonani Re: [FUGSPBR] Servidor FTP passando por ipfilter, Marcelo Soares ds Costa Re: [FUGSPBR] Servidor FTP passando por ipfilter, Mauricio Bonani Re: [FUGSPBR] Servidor FTP passando por ipfilter, Marcelo Soares ds Costa Re: [FUGSPBR] Servidor FTP passando por ipfilter, Mauricio Bonani Re: [FUGSPBR] Servidor FTP passando por ipfilter, Marcelo Soares ds Costa Re: [FUGSPBR] Servidor FTP passando por ipfilter, Alexandre Vasconcelos Re: [FUGSPBR] Servidor FTP passando por ipfilter, João Carlos Mendes Luís <= Re: [FUGSPBR] Servidor FTP passando por ipfilter, João Carlos Mendes Luís

Anterior por Data:	Re: [FUGSPBR] BSD nao detecta Mirror SCSI, João Carlos Mendes Luís
Próximo por Data:	Re: [FUGSPBR] Servidor FTP passando por ipfilter, João Carlos Mendes Luís
Anterior por Thread:	Re: [FUGSPBR] Servidor FTP passando por ipfilter, Alexandre Vasconcelos
Próximo por Thread:	Re: [FUGSPBR] Servidor FTP passando por ipfilter, João Carlos Mendes Luís
Índices:	[Data] [Thread] [Início] [Todas as Listas]