List: ipfilter
Subject: Re: FTP confusion -ipf ((SOLVED))
From: Jeff Donovan <jdonovan () beth ! k12 ! pa ! us>
Date: 2001-02-28 15:58:20
Greetings,
Thanks to all who replied.
This is a temporary solve until I can find a way to write it better.
What I did was put a packet sniffer in my DMZ to view the traffic
between the firewall and the incoming ftp sessions. I noticed that
the initial SYN from the admin to the server was passing, then the
ftpsvr would do a reverse DNS lookup (which I was not passing to my
DNS box on a separate subnet).
Then I needed to allow connections from the admin machine to ftpsvr
control port 20.
By placing the LOG feature on the block statement, I was able to see
in the log file what was being blocked, therefore I could open up
those specific conversations.
These rules only allow my admin machine to ftp to a specific ftp
server. -- Re-writes will follow.
(Yes, I know, use SCP :) that's next.
--jeff
# default: block everything arriving on ep1 and log it, so blocked
# conversations show up in the ipmon log
block in log on ep1 all
# DNS server may reach anything through ep1 (TCP and UDP), stateful
pass in quick on ep1 proto tcp/udp from mydnssvr/32 to any keep state
# admin machine -> ftpsvr control channel (TCP port 21), and the replies
pass in quick proto tcp from myadmin/32 port > 1023 to ftpsvr/32 port = 21
pass out quick proto tcp from ftpsvr/32 port = 21 to myadmin/32 port > 1023
# admin machine -> ftpsvr TCP port 20
pass in quick proto tcp from myadmin/32 port > 1023 to ftpsvr/32 port = 20
--
------------------------------------------------------------------------
Jeff Donovan Network Analyst
Bethlehem Area School District Information & Communication Technologies
Bethlehem, PA 18020 (610) 807-5571 jdonovan@beth.k12.pa.us