[FUGSPBR] FTP server passing through ipfilter

João Carlos Mendes Luís jonny at jonny.eng.br
Wed Sep 29 22:36:23 BRT 2004


It's the other way around. You swapped active with passive.

Marcelo Soares ds Costa wrote:
> Take a look at your logs and see whether port 20 shows up; it is used
> for passive mode and even then it has to be negotiated. There is a way to
> set it up for active mode only, but for that you'll have to ask Google
> for a little help. Test by opening port 20; if it works, great, right?
> 
> Marcelo
> 
> On Tue, 2004-09-28 at 11:29, Mauricio Bonani wrote:
> 
>>Isn't port 20 used for a connection from the inside out?
>>From the server I'm allowed anything to anywhere.
>>
>>----- Original Message ----- 
>>From: "Marcelo Soares ds Costa" <mscosta at bn.br>
>>To: <fugspbr at fugspbr.org>
>>Sent: Tuesday, September 28, 2004 11:23 AM
>>Subject: Re: [FUGSPBR] FTP server passing through ipfilter
>>
>>
>>
>>>I didn't see port 20 being opened; FTP uses 20 and 21
>>>
>>>Marcelo
>>>
>>>On Tue, 2004-09-28 at 10:51, Mauricio Bonani wrote:
>>>
>>>>Hi everyone, I have a small problem and I'm turning to you for help.
>>>>
>>>>I use the rules below, but nobody can connect to my FTP server.
>>>>Do I need to open any other port?
>>>>
>>>>Modem (200.xxx.xxx.xxx and 10.0.0.138) and server (10.0.0.139 and 192.168.0.7)
>>>>
>>>>The modem forwards all incoming connections to the server.
>>>>
>>>># ipfstat -io
>>>>pass out quick on lo0 from any to any
>>>>skip 2 out from 10.0.0.139/32 to any
>>>>skip 1 out from 192.168.0.7/32 to any
>>>>skip 10 out from any to any
>>>>pass out quick proto icmp from any to 10.0.0.139/32 icmp-type echorep code 0 keep state
>>>>pass out quick proto icmp from any to 10.0.0.139/32 icmp-type echo code 0 keep state
>>>>pass out quick proto icmp from any to 192.168.0.7/32 icmp-type echorep code 0 keep state
>>>>pass out quick proto icmp from any to 192.168.0.7/32 icmp-type echo code 0 keep state
>>>>pass out quick proto icmp from 10.0.0.139/32 to 192.168.0.0/16 icmp-type echorep code 0 keep state
>>>>pass out quick proto icmp from 10.0.0.139/32 to 192.168.0.0/16 icmp-type echo code 0 keep state
>>>>pass out quick proto icmp from 192.168.0.7/32 to 192.168.0.0/16 icmp-type echorep code 0 keep state
>>>>pass out quick proto icmp from 192.168.0.7/32 to 192.168.0.0/16 icmp-type echo code 0 keep state
>>>>pass out quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16 icmp-type echorep code 0 keep state
>>>>pass out quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16 icmp-type echo code 0 keep state
>>>>pass out quick proto icmp from 10.0.0.139/32 to any keep state
>>>>pass out quick proto icmp from 192.168.0.7/32 to any keep state
>>>>pass out quick proto tcp from 10.0.0.139/32 to any keep state
>>>>pass out quick proto tcp from 192.168.0.7/32 to any keep state
>>>>pass out quick proto udp from 10.0.0.139/32 to any keep state
>>>>pass out quick proto udp from 192.168.0.7/32 to any keep state
>>>>pass out quick from 10.0.0.139/32 to any
>>>>pass out quick from 192.168.0.7/32 to any
>>>>pass out quick proto icmp from 192.168.0.0/16 to any keep state
>>>>pass out quick proto tcp from 192.168.0.0/16 to any keep state
>>>>pass out quick proto udp from 192.168.0.0/16 to any keep state
>>>>pass out quick from 192.168.0.0/16 to any
>>>>pass out quick proto tcp from any to 192.168.0.2/32 port = 3389 keep state
>>>>pass out quick proto gre from any to 192.168.0.2/32
>>>>block out log quick from any to any
>>>>block out quick from any to any
>>>>pass in quick on lo0 from any to any
>>>>skip 2 in from 10.0.0.139/32 to any
>>>>skip 1 in from 192.168.0.7/32 to any
>>>>skip 10 in from any to any
>>>>pass in quick proto icmp from any to 10.0.0.139/32 icmp-type echorep code 0 keep state
>>>>pass in quick proto icmp from any to 10.0.0.139/32 icmp-type echo code 0 keep state
>>>>pass in quick proto icmp from any to 192.168.0.7/32 icmp-type echorep code 0 keep state
>>>>pass in quick proto icmp from any to 192.168.0.7/32 icmp-type echo code 0 keep state
>>>>pass in quick proto icmp from 192.168.0.0/16 to 10.0.0.139/32 icmp-type echorep code 0 keep state
>>>>pass in quick proto icmp from 192.168.0.0/16 to 10.0.0.139/32 icmp-type echo code 0 keep state
>>>>pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.7/32 icmp-type echorep code 0 keep state
>>>>pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.7/32 icmp-type echo code 0 keep state
>>>>pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16 icmp-type echorep code 0 keep state
>>>>pass in quick proto icmp from 192.168.0.0/16 to 192.168.0.0/16 icmp-type echo code 0 keep state
>>>>pass in quick proto icmp from 192.168.0.0/16 to any keep state
>>>>pass in quick proto tcp from 192.168.0.0/16 to any keep state
>>>>pass in quick proto udp from 192.168.0.0/16 to any keep state
>>>>pass in quick from 192.168.0.0/16 to any
>>>>skip 2 in from any to 10.0.0.139/32
>>>>skip 1 in from any to 192.168.0.7/32
>>>>skip 13 in from any to any
>>>>pass in quick proto tcp from any to any port = 22 keep state
>>>>pass in quick proto tcp from any to any port = 53 keep state
>>>>pass in quick proto tcp from any to any port = 5901 keep state
>>>>pass in quick proto tcp from any to any port = 25 keep state
>>>>pass in quick proto tcp from any to any port = 110 keep state
>>>>pass in quick proto tcp from any to any port = 3306 keep state
>>>>pass in quick proto tcp from any to any port = 10024 keep state
>>>>pass in quick proto tcp from any to any port = 10025 keep state
>>>>pass in quick proto tcp from any to any port = 80 keep state
>>>>pass in quick proto tcp from any to any port = 443 keep state
>>>>pass in quick proto tcp from any to any port = 21 keep state
>>>>pass in quick proto udp from any to 10.0.0.139/32 port = 53 keep state
>>>>pass in quick proto udp from any to 192.168.0.7/32 port = 53 keep state
>>>>pass in quick proto tcp from any to 192.168.0.2/32 port = 3389 keep state
>>>>pass in quick proto gre from any to 192.168.0.2/32
>>>>block in log quick from any to any
>>>>block in quick from any to any
>>>>
>>>>_______________________________________________________________
>>>>To send a new email to the list: fugspbr at fugspbr.org
>>>>Leave the list: http://lists.fugspbr.org/listinfo.cgi
>>>>Archive: http://www4.fugspbr.org/lista/html/FUG-BR/


                                         Jonny

-- 
João Carlos Mendes Luís - Networking Engineer - jonny at jonny.eng.br
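
An added example, not part of the original thread: a small Python model of the tail of the quoted inbound rules, showing what they decide for an FTP control connection (port 21) and for a passive-mode data connection, where the client opens a second connection to a high port chosen by the server (in active mode the server instead connects out from port 20). The packet dictionary keys and the simplified matching (only `proto`, `from`, `to` and `port =`) are assumptions of this sketch.

```python
import ipaddress

# Tail of the inbound rules in the quoted `ipfstat -io` output, starting at
# "skip 2 in from any to 10.0.0.139/32". Assumption: the packet comes from an
# Internet host on a non-loopback interface, so no earlier rule decides it.
RULES = [
    "skip 2 in from any to 10.0.0.139/32",
    "skip 1 in from any to 192.168.0.7/32",
    "skip 13 in from any to any",
] + [
    f"pass in quick proto tcp from any to any port = {p} keep state"
    for p in (22, 53, 5901, 25, 110, 3306, 10024, 10025, 80, 443, 21)
] + [
    "pass in quick proto udp from any to 10.0.0.139/32 port = 53 keep state",
    "pass in quick proto udp from any to 192.168.0.7/32 port = 53 keep state",
    "pass in quick proto tcp from any to 192.168.0.2/32 port = 3389 keep state",
    "pass in quick proto gre from any to 192.168.0.2/32",
    "block in log quick from any to any",
    "block in quick from any to any",
]


def matches(tok, pkt):
    """True if the packet satisfies the rule's proto / from / to / port fields."""
    if "proto" in tok and tok[tok.index("proto") + 1] != pkt["proto"]:
        return False
    for key, field in (("from", "src"), ("to", "dst")):
        net = tok[tok.index(key) + 1]
        if net != "any" and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(net):
            return False
    if "port" in tok and int(tok[tok.index("port") + 2]) != pkt["dport"]:
        return False
    return True


def decide(pkt):
    """Walk the rules as ipf does: `skip N` jumps over N rules, `quick` stops."""
    i, verdict = 0, None
    while i < len(RULES):
        tok = RULES[i].split()
        i += 1
        if matches(tok, pkt):
            if tok[0] == "skip":
                i += int(tok[1])
                continue
            verdict = tok[0]  # without `quick`, the last matching rule wins
            if "quick" in tok:
                break
    return verdict
```

Calling `decide({"proto": "tcp", "src": "203.0.113.5", "dst": "10.0.0.139", "dport": 21})` returns `"pass"`, while the same packet with a constructed passive data port such as 49200 returns `"block"`; the client address and data port are constructed sample values.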