RE: Please help me with PF (thanks)
bob_at_a1poweruser.com
Date: 04/30/05
- Previous message: Fafa Diliha Romanova: "Please help me with PF (thanks)"
- In reply to: Fafa Diliha Romanova: "Please help me with PF (thanks)"
- Next in thread: Fafa Diliha Romanova: "RE: Please help me with PF (thanks)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: "Fafa Diliha Romanova" <fteg@london.com>, <questions@freebsd.org> Date: Sat, 30 Apr 2005 08:06:49 -0400
Simple question, do problems 1, 2, & 3 still happen when you comment
out the pf statements in rc.conf and run with out a firewall?
-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Fafa Diliha
Romanova
Sent: Saturday, April 30, 2005 7:51 AM
To: questions@freebsd.org
Subject: Please help me with PF (thanks)
Hello!
Problems:
1. BIND stops workin after a while
2. I cannot establish SSH connections
3. I cannot FTP to certain sites
4. PF crashes my computer on FTP uploads
So I'm seeking solutions to these problems.
And maybe ways to SIMPLIFY my pf.conf:
-----------------------------
int_if="ep0"
ext_if="lnc0"
# *** Options
#
set block-policy drop
# *** Scrub incoming packets
#
scrub in all
# *** NAT
#
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any \
port 21 -> 127.0.0.1 port 8021
# *** Default deny policy
#
block drop log all
# *** Pass loopback traffic
#
pass quick on { lo0 $int_if }
# *** Outgoing
#
pass out on $ext_if inet proto { tcp, udp, icmp } \
from ($ext_if) to any keep state
# *** Bootstrap
#
pass out on $ext_if inet proto udp \
from any port 68 to any port 67 keep state
# *** DNS and NTP
#
pass out on $ext_if inet proto udp \
from ($ext_if) to any port { 53, 123 } keep state
# *** SSH, HTTP and Ident
#
pass in on $ext_if inet proto tcp \
from any to ($ext_if) port { 22, 80, 113 } flags S/SA keep
state
# *** Active FTP
#
pass in on $ext_if inet proto tcp \
from port 20 to ($ext_if) user proxy flags S/SA keep state
-----------------------------
Thank you all so much!
-- Fafa
-- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
- Previous message: Fafa Diliha Romanova: "Please help me with PF (thanks)"
- In reply to: Fafa Diliha Romanova: "Please help me with PF (thanks)"
- Next in thread: Fafa Diliha Romanova: "RE: Please help me with PF (thanks)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
