[FUGSPBR] FTP server passing through ipfilter

Marcelo Soares ds Costa mscosta at bn.br
Tue Sep 28 15:47:24 BRT 2004


Check your logs to see why it didn't work; set it to log all rejected
traffic. You don't need anything else, just FTP running and the rules to
allow the packets in both directions, to ports 20 and 21 of the server and
from ports 20 and 21 of the server. I have hardly worked with ipfilter,
but the traffic is no different. Check your DNS resolution too, otherwise
it won't work either, right?

Marcelo


On Tue, 2004-09-28 at 12:16, Mauricio Bonani wrote:
> Opening port 20 as well did not work.
> I would need something similar to iptables' ip_conntrack_ftp; does that exist
> in FreeBSD (ipfilter)?
> 
> ----- Original Message ----- 
> From: "Marcelo Soares ds Costa" <mscosta at bn.br>
> To: <fugspbr at fugspbr.org>
> Sent: Tuesday, September 28, 2004 12:03 PM
> Subject: Re: [FUGSPBR] FTP server passing through ipfilter
> 
> 
> > Take a look at your logs and see whether port 20 shows up; it is used
> > for passive mode and even so it has to be negotiated. There is a way to
> > set it up for active mode only, but for that you have to ask Google for
> > a little help. Test by opening port 20; if it works, great, right?
> >
> > Marcelo
> >
> > On Tue, 2004-09-28 at 11:29, Mauricio Bonani wrote:
> >> Isn't port 20 used for a connection from the inside out?
> >> From the server I can do anything to anywhere.
> >>
> >> ----- Original Message ----- 
> >> From: "Marcelo Soares ds Costa" <mscosta at bn.br>
> >> To: <fugspbr at fugspbr.org>
> >> Sent: Tuesday, September 28, 2004 11:23 AM
> >> Subject: Re: [FUGSPBR] FTP server passing through ipfilter
> >>
> >>
> >> > I didn't see port 20 being opened; FTP uses 20 and 21
> >> >
> >> > Marcelo
> >> >
> >> > On Tue, 2004-09-28 at 10:51, Mauricio Bonani wrote:
> >> >> Hi everyone, I have a small problem and I'm turning to you for help.
> >> >>
> >> >> I use the rules below, but nobody can connect to my FTP server.
> >> >> Do I need to open any other port?
> >> >>
> >> >> Modem (200.xxx.xxx.xxx and 10.0.0.138) and server (10.0.0.139 and
> >> >> 192.168.0.7)
> >> >>
> >> >> The modem forwards all incoming connections to the server.
> >> >>
> >> >> # ipfstat -io
> >> >> pass out quick on lo0 from any to any
> >> >> skip 2 out from 10.0.0.139/32 to any
> >> >> skip 1 out from 192.168.0.7/32 to any
> >> >> skip 10 out from any to any
> >> >> pass out quick proto icmp from any to 10.0.0.139/32 icmp-type echorep code 0 keep state
> >> >> pass out quick proto icmp from any to 10.0.0.139/32 icmp-type echo code 0 keep state
> >> >> pass out quick proto icmp from any to 192.168.0.7/32 icmp-type echorep code 0 keep state
> >> >> pass out quick proto icmp from any to 192.168.0.7/32 icmp-type echo code 0 keep state
> >> >> pass out quick proto icmp from 10.0.0.139/32 to 192.168.0.0/16 icmp-type echorep code 0 keep state
> >> >> pass out quick proto icmp from 10.0.0.139/32 to 192.168.0.0/16 icmp-type echo code 0 keep state
> >> >> pass out quick proto icmp from 192.168.0.7/32 to 192.168.0.0/16 icmp-type echorep code 0 keep state
> >> >> pass out quick proto icmp from 192.168.0.7/32 to 192.168.0.0/16 icmp-type echo code 0 keep state
> >> >> pass out quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16 icmp-type echorep code 0 keep state
> >> >> pass out quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16 icmp-type echo code 0 keep state
> >> >> pass out quick proto icmp from 10.0.0.139/32 to any keep state
> >> >> pass out quick proto icmp from 192.168.0.7/32 to any keep state
> >> >> pass out quick proto tcp from 10.0.0.139/32 to any keep state
> >> >> pass out quick proto tcp from 192.168.0.7/32 to any keep state
> >> >> pass out quick proto udp from 10.0.0.139/32 to any keep state
> >> >> pass out quick proto udp from 192.168.0.7/32 to any keep state
> >> >> pass out quick from 10.0.0.139/32 to any
> >> >> pass out quick from 192.168.0.7/32 to any
> >> >> pass out quick proto icmp from 192.168.0.0/16 to any keep state
> >> >> pass out quick proto tcp from 192.168.0.0/16 to any keep state
> >> >> pass out quick proto udp from 192.168.0.0/16 to any keep state
> >> >> pass out quick from 192.168.0.0/16 to any
> >> >> pass out quick proto tcp from any to 192.168.0.2/32 port = 3389 keep state
> >> >> pass out quick proto gre from any to 192.168.0.2/32
> >> >> block out log quick from any to any
> >> >> block out quick from any to any
> >> >> pass in quick on lo0 from any to any
> >> >> skip 2 in from 10.0.0.139/32 to any
> >> >> skip 1 in from 192.168.0.7/32 to any
> >> >> skip 10 in from any to any
> >> >> pass in quick proto icmp from any to 10.0.0.139/32 icmp-type echorep code 0 keep state
> >> >> pass in quick proto icmp from any to 10.0.0.139/32 icmp-type echo code 0 keep state
> >> >> pass in quick proto icmp from any to 192.168.0.7/32 icmp-type echorep code 0 keep state
> >> >> pass in quick proto icmp from any to 192.168.0.7/32 icmp-type echo code 0 keep state
> >> >> pass in quick proto icmp from 192.168.0.0/16 to 10.0.0.139/32 icmp-type echorep code 0 keep state
> >> >> pass in quick proto icmp from 192.168.0.0/16 to 10.0.0.139/32 icmp-type echo code 0 keep state
> >> >> pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.7/32 icmp-type echorep code 0 keep state
> >> >> pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.7/32 icmp-type echo code 0 keep state
> >> >> pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16 icmp-type echorep code 0 keep state
> >> >> pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16 icmp-type echo code 0 keep state
> >> >> pass in quick proto icmp from 192.168.0.0/16 to any keep state
> >> >> pass in quick proto tcp from 192.168.0.0/16 to any keep state
> >> >> pass in quick proto udp from 192.168.0.0/16 to any keep state
> >> >> pass in quick from 192.168.0.0/16 to any
> >> >> skip 2 in from any to 10.0.0.139/32
> >> >> skip 1 in from any to 192.168.0.7/32
> >> >> skip 13 in from any to any
> >> >> pass in quick proto tcp from any to any port = 22 keep state
> >> >> pass in quick proto tcp from any to any port = 53 keep state
> >> >> pass in quick proto tcp from any to any port = 5901 keep state
> >> >> pass in quick proto tcp from any to any port = 25 keep state
> >> >> pass in quick proto tcp from any to any port = 110 keep state
> >> >> pass in quick proto tcp from any to any port = 3306 keep state
> >> >> pass in quick proto tcp from any to any port = 10024 keep state
> >> >> pass in quick proto tcp from any to any port = 10025 keep state
> >> >> pass in quick proto tcp from any to any port = 80 keep state
> >> >> pass in quick proto tcp from any to any port = 443 keep state
> >> >> pass in quick proto tcp from any to any port = 21 keep state
> >> >> pass in quick proto udp from any to 10.0.0.139/32 port = 53 keep state
> >> >> pass in quick proto udp from any to 192.168.0.7/32 port = 53 keep state
> >> >> pass in quick proto tcp from any to 192.168.0.2/32 port = 3389 keep state
> >> >> pass in quick proto gre from any to 192.168.0.2/32
> >> >> block in log quick from any to any
> >> >> block in quick from any to any
> >> >>
> >> >> _______________________________________________________________
> >> >> To send a new email to the list: fugspbr at fugspbr.org
> >> >> Leave the list: http://lists.fugspbr.org/listinfo.cgi
> >> >> Archive: http://www4.fugspbr.org/lista/html/FUG-BR/
> >> >>



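Added example, not part of the original thread: a minimal Python evaluator for the `skip`/`quick` subset of ipf rules, run over an abridged copy of the inbound rules quoted above. It shows that the control connection to port 21 is passed, while a passive-mode data connection to a high port falls through to the final block rule. The interface name `fxp0`, the client address 203.0.113.10, the data port 50000 and the shortened skip count are assumptions made for the example.

```python
import ipaddress
import re

# Abridged from the inbound rules in the thread (ICMP/LAN rules dropped, so the
# original "skip 13" becomes "skip 3" here to cover the three service rules).
RULES = """\
pass in quick on lo0 from any to any
skip 2 in from any to 10.0.0.139/32
skip 1 in from any to 192.168.0.7/32
skip 3 in from any to any
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 80 keep state
pass in quick proto tcp from any to any port = 21 keep state
block in log quick from any to any
"""

RULE_RE = re.compile(
    r"(?P<act>pass|block|skip (?P<n>\d+)) (?P<dir>in|out)(?P<log> log)?"
    r"(?P<quick> quick)?(?: on (?P<ifc>\S+))?(?: proto (?P<proto>\S+))?"
    r" from (?P<src>\S+) to (?P<dst>\S+)(?: port = (?P<port>\d+))?")

def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rules_text, direction, ifc, proto, src, dst, dport):
    """Return (action, 1-based rule number) for one packet."""
    rules = [RULE_RE.match(line).groupdict() for line in rules_text.splitlines()]
    verdict, i = ("pass", None), 0  # assumes the stock default-pass kernel
    while i < len(rules):
        r = rules[i]
        i += 1
        if not (r["dir"] == direction and r["ifc"] in (None, ifc)
                and r["proto"] in (None, proto) and addr_ok(r["src"], src)
                and addr_ok(r["dst"], dst) and r["port"] in (None, str(dport))):
            continue
        if r["n"]:                 # skip N: jump over the next N rules
            i += int(r["n"])
            continue
        verdict = (r["act"], i)    # last match wins ...
        if r["quick"]:             # ... unless the rule is "quick"
            break
    return verdict

if __name__ == "__main__":
    client, server = "203.0.113.10", "10.0.0.139"  # constructed client address
    print(evaluate(RULES, "in", "fxp0", "tcp", client, server, 21))     # control
    print(evaluate(RULES, "in", "fxp0", "tcp", client, server, 50000))  # PASV data
```

In this abridged set the passive data connection ends at the `block in log quick` rule, so it would show up in the ipf log.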