FTP server a ipf
Ondra Koutek
koutek at o-k.cz
Wed Mar 3 15:12:46 CET 2004
Zdravim, mam na serveru s ipf ftp server.
Funguje s explorerem, klasickym ftp z prikazove radky, ale cuteftp si ani
neskrtne.
je to pureftp a passive range mam:
# Port range for passive connections replies. - for firewalling.
PassivePortRange 48000 50000
ipf.rules mam:
# Odmitnuti nesmyslnych packetu
block in log quick all with ipopts
block in log quick all with short
# Povoleni vseho pro localhosta
pass in quick on lo0 all
pass out quick on lo0 all
#Pravidla pro odchazejici packety
pass out on xl0 all head 100
block out from 127.0.0.0/8 to any group 100
block out from any to 127.0.0.0/8 group 100
block out from any to 81.0.254.70/32 group 100
pass out quick proto tcp from any to any port = 20 keep state group 100
pass out quick proto tcp from any to any port = 21 keep state group 100
pass out quick proto tcp from any to any port 4800 >< 5000 keep state group
100
#Pravidla pro prichazejici packety
block in on xl0 all head 200
block in from 127.0.0.0/8 to any group 200
block in from 81.0.254.70/32 to any group 200
pass in quick proto tcp from any to any port = 20 group 200
pass in quick proto tcp from any to any port = 21 group 200
pass in quick proto tcp from any to any port 4800 >< 5000 group 200
A kompilovano je to s ipf otevreno pokud neni uvedeno jinak.
Nevite co mam spatne, proc mi nejede to ftp v pasivnim rezimu?
Ondra
More information about the Users-l
mailing list