Hello
I want to see why I am unable to download via ftp. I believe that it
would have something to do with my pf.conf file in my firewall, so have
listed that below.
### simple pf.conf ##
# allow all outgoing TCP, UDP
# allow outgoing ICMP ping
# specifically block 11 common inet services
# Modified for nntp and bittorrent
#
# MACRO
ext_if = rl0
int_if = vr0
PING = echoreq
allow_tcp = { 119 } #Port needed for nntp server
#IntNet = 192.168.1.0/24 #Sub-net range
#InBitTCP = { 6969, 6881:6889 } #Ports needed for BitTorrent
#BitIP = 192.168.1.40 #BitTorrent client
tcp_services = { smtp, pop3, pop3s, www, msa, https, ftp, whois, ssh,
telnet, rsync }
udp_services = { domain }
# OPTIONS:
set block-policy drop
set optimization normal
set loginterface $ext_if
# SCRUB:
scrub in on $ext_if all
# NAT/RDR
nat on $ext_if from $int_if:network to any - $ext_if
#nat on $ext_if proto tcp from $IntNet port $InBitTCP to any - $ext_if \
static-port
#nat on $ext_if proto udp from $IntNet port $InBitTCP to any - $ext_if \
static-port
#rdr on $ext_if proto tcp from !$IntNet to any port 6969 - $BitIP port
6969
#rdr on $ext_if proto udp from !$IntNet to any port 6881:6889 - $BitIP \
port 6881:6889
# filter:
block log on $ext_if all
#pass in quick on $ext_if inet proto tcp from any to any port $InBitTCP \
flags S/SA synproxy state
#pass in quick on $ext_if inet proto udp from any to any port $InBitTCP
#pass out on $int_if inet proto tcp from any to $IntNet port
$port_bittorrent \
flags S/SA synproxy state
#pass out on $int_if inet proto udp from any to $IntNet port
$port_bittorrent
pass quick on lo0 all
pass out on $ext_if proto tcp from any to any port $allow_tcp keep state
pass out quick on $ext_if inet proto tcp from \
{ $ext_if:network, $int_if:network } to any port $tcp_services keep
state
pass out quick on $ext_if inet proto udp from \
{ $ext_if:network, $int_if:network } to any port $udp_services keep
state
pass out quick on $ext_if inet proto icmp from \
{ $ext_if:network, $int_if:network } to any icmp-type $PING keep state
antispoof for $ext_if
antispoof for $int_if
/etc/pf.conf ends ##
Can anyone shine a light on this to help me out please?
Many TIA.
AG
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org