Hi!
When my ipf.conf is empty, ftp comes through with no problem.
But when ipf is configured, I get the message "425 can't open data connection" from the browser. Then I only get to see the link "Up to higher level directory" but not the subdirectories.
When I use ftp from the command line I get "227 Entering Passive Mode" and then ftp doesn't react.
With ipmon -a, I get:
Quote:
03/03/2006 11:13:39.310968 bge0 @0:11 b 111.111.11.11,45853 -> 111.111.11.22,57708 PR tcp len 20 60 -S IN
03/03/2006 11:13:39.315945 bge0 @0:11 b 111.111.11.11,46725 -> 111.111.11.22,58435 PR tcp len 20 60 -S IN
03/03/2006 11:13:39.272958 STATE:NEW 111.111.11.11,48946 -> 111.111.11.22,21 PR tcp
03/03/2006 11:13:42.315071 bge0 @0:11 b 111.111.11.11,46725 -> 111.111.11.22,58435 PR tcp len 20 60 -S IN
03/03/2006 11:13:48.314127 bge0 @0:11 b 111.111.11.11,46725 -> 111.111.11.22,58435 PR tcp len 20 60 -S IN
03/03/2006 11:13:52.354538 bge0 @0:11 b 111.111.11.33 -> 224.0.0.1 PR igmp len 20 (28) IN
|
My ipf.conf looks like this:
Quote:
# Allow loopback traffic
pass in quick on lo0 all
pass out quick on lo0 all
# Allow any outbound traffic from this computer (and the response)
pass out quick all keep state
# block from non-routable addresses, required for a server
block in quick from 10.0.0.0/8
block in quick from 172.16.0.0/12
block in quick from 192.168.0.0/16
# Allow http and https inbound
pass in quick proto tcp from any to any port = 80 keep state
pass in quick proto tcp from any to any port = 443 keep state
# Allow ssh inbound
pass in quick proto tcp from any to any port = 22 keep state
# Allow ftp inbound
pass in quick proto tcp from any to any port = 20 keep state
pass in quick proto tcp from any to any port = 21 keep state
# Block ident with a TCP RST
block return-rst in quick proto tcp to port = 113
# Block and log anything inbound that I did not originate
block in log all
|
Thanks for any help.
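
The ipmon output in the post can be read mechanically. The following is an added example, not part of the original post: it pairs the STATE:NEW entry for port 21 with blocked inbound SYNs from the same client to unprivileged ports, which is what passive-mode data connections look like on the server side. The function name and the 1024 port threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# The ipmon -a lines from the post, embedded so the example runs offline.
IPMON_LOG = """\
03/03/2006 11:13:39.310968 bge0 @0:11 b 111.111.11.11,45853 -> 111.111.11.22,57708 PR tcp len 20 60 -S IN
03/03/2006 11:13:39.315945 bge0 @0:11 b 111.111.11.11,46725 -> 111.111.11.22,58435 PR tcp len 20 60 -S IN
03/03/2006 11:13:39.272958 STATE:NEW 111.111.11.11,48946 -> 111.111.11.22,21 PR tcp
03/03/2006 11:13:42.315071 bge0 @0:11 b 111.111.11.11,46725 -> 111.111.11.22,58435 PR tcp len 20 60 -S IN
03/03/2006 11:13:48.314127 bge0 @0:11 b 111.111.11.11,46725 -> 111.111.11.22,58435 PR tcp len 20 60 -S IN
03/03/2006 11:13:52.354538 bge0 @0:11 b 111.111.11.33 -> 224.0.0.1 PR igmp len 20 (28) IN
"""

# Packet line: date time iface @group:rule action src[,port] -> dst[,port]
#              PR proto len hdrlen totlen [-FLAGS] IN|OUT   ("b" = blocked)
PKT = re.compile(
    r"^\S+ \S+ \S+ @(?P<rule>\d+:\d+) (?P<act>\S+) "
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?:,(?P<dport>\d+))? "
    r"PR (?P<proto>\S+) len \d+ \(?\d+\)? (?:-(?P<flags>[A-Z]+) )?(?P<dir>IN|OUT)$")
# State-table line logged when a "keep state" rule creates an entry.
STATE = re.compile(
    r"^\S+ \S+ STATE:NEW (?P<src>[\d.]+),\d+ -> (?P<dst>[\d.]+),(?P<dport>\d+) PR tcp$")

def blocked_ftp_data(log, ctrl_port=21, min_port=1024):
    """Map (client, server) pairs that have an FTP control session to the
    blocked inbound SYNs between them (likely passive-mode data connections)."""
    sessions = set()
    blocked = defaultdict(lambda: {"rules": set(), "ports": set()})
    for line in log.splitlines():
        s = STATE.match(line)
        if s:
            if int(s["dport"]) == ctrl_port:
                sessions.add((s["src"], s["dst"]))
            continue
        p = PKT.match(line)
        if (p and p["act"] == "b" and p["proto"] == "tcp" and p["dir"] == "IN"
                and p["flags"] == "S" and int(p["dport"]) >= min_port):
            hit = blocked[(p["src"], p["dst"])]
            hit["rules"].add(p["rule"])
            hit["ports"].add(int(p["dport"]))
    # The STATE:NEW line above is logged after the first blocks, so the
    # correlation is done only once the whole log has been read.
    return {pair: {"rules": sorted(h["rules"]), "ports": sorted(h["ports"])}
            for pair, h in blocked.items() if pair in sessions}

if __name__ == "__main__":
    for (client, server), hit in blocked_ftp_data(IPMON_LOG).items():
        print(f"{client} -> {server}: rules {hit['rules']} blocked SYNs to {hit['ports']}")
```

In the `@0:11` field the first number is the rule group and the second is the rule's position in the inbound list, which in the posted ipf.conf is the final `block in log all`.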