
List:       ipfilter
Subject:    Re: problems with ipfilter and Granch adapter
From:       Jim Sandoz <sandoz () lucent ! com>
Date:       2002-02-24 21:31:22


read the FAQ.   http://home.earthlink.net/~jaymzh666/ipf/index.html

a) you need flags S on keep state tcp rules.
    http://home.earthlink.net/~jaymzh666/ipf/IPFprob.html#1

b) "return-rst [...] proto tcp" should only be used with flags S
    http://home.earthlink.net/~jaymzh666/ipf/IPFprob.html#9

c) finally, you have no ingress protection in place (i.e. your firewall 
doesn't work):
    if i use port 20 as my source port i can go anywhere i want on your 
network.

if you want to support passive mode ftp for the clients behind the
firewall, you should use the ftp proxy built into ipnat instead of
opening up such a large hole.  

read the ipf howto, located at http://www.obfuscation.org/ipf/

jim


Novline wrote:

>Ipfilter starts to block incoming traffic after a period of time: my
>server works fine for a day or two, and then starts to block all IP
>traffic on this interface. Is there a problem in IPF or the Granch driver?
>
>This is my ipf.conf file
>This configuration works fine with ethernet adapters.
>
>##
>pass in quick proto tcp from any port = ftp-data to any keep state
>pass out quick on sbni0 proto tcp from any to any keep state
>pass out quick on sbni0 proto udp from any to any keep state
>pass out quick on sbni0 proto icmp from any to any keep state
>block out quick on sbni0 all
>
>block return-rst in log quick on sbni0 proto tcp from any to any
>block return-icmp-as-dest(port-unr) in log quick on sbni0 proto udp from any to any
>block in log quick on sbni0 all
>##
>
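The posted ipf.conf reworked along Jim's three points, as an added example that is not either poster's own configuration; it assumes the inside network is 192.168.0.0/24 (a placeholder) and that those clients are NATed out through sbni0, since the ipnat ftp proxy hangs off a map rule:

```conf
# Added example, not from the thread.  Inside network 192.168.0.0/24 is a
# placeholder; sbni0 is the outside interface as in the original post.

# --- /etc/ipf.conf ---
# (a) state is only created on the SYN, so a stray ACK/RST from outside
#     cannot seed a state entry
pass out quick on sbni0 proto tcp  from any to any flags S keep state
pass out quick on sbni0 proto udp  from any to any keep state
pass out quick on sbni0 proto icmp from any to any keep state
block out quick on sbni0 all

# (c) the "from any port = ftp-data" pass rule is gone: nothing gets in
#     just because the remote side chose source port 20.  Replies to
#     outbound traffic are matched by the state table, not by a pass rule.
# (b) return-rst answers only connection attempts (SYN); every other
#     inbound tcp packet falls through to the final block rule
block return-rst in log quick on sbni0 proto tcp from any to any flags S
block return-icmp-as-dest(port-unr) in log quick on sbni0 proto udp from any to any
block in log quick on sbni0 all

# --- /etc/ipnat.conf ---
# ftp proxy attached to the NAT rule for the inside hosts: the proxy
# follows the ftp control channel and admits the data connection itself,
# so no blanket port-20 rule is needed in ipf.conf
map sbni0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map sbni0 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
map sbni0 192.168.0.0/24 -> 0/32
```

Load with `ipf -Fa -f /etc/ipf.conf` and `ipnat -CF -f /etc/ipnat.conf`, then `ipfstat -io` to confirm the rules read back as intended.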

