firewall rules : keep state
Hello, I am new to this list.
I have an OpenBSD 2.9 firewall and I have been stumped on one issue I
can't seem to resolve. I have tried every combination I can think of.
Here is my network: fxp0 external, sis0 internal, web/ftp server
inside. I have no NAT.
What is happening is that I can connect to an FTP server but it
doesn't seem to get back out to communicate with me. My FTP client
just sits there waiting for a response back. Nothing.
Here are a couple of the rules I have for those ports:
pass in quick on fxp0 proto tcp from any to any port = 20 flags S/SA keep state
pass in quick on fxp0 proto tcp from any to any port = 21 flags S/SA keep state
#the following is near the end of my rules
pass out quick on fxp0 proto tcp from any to any flags S/SA keep state
I have also tried tcp/udp and also keep state without the flags S/SA.
Also, all other protocols seem to work fine, such as 80, 25, 110.
But nothing seems to work; yet as soon as I use the statement:
pass in quick from any to any
then everything works fine.
So what am I missing?
Thanks for the help.
--
<------------------------------------------------->
Alex Pilson
FlagShip Interactive, Inc.
alex@flagshipinteractive.com
404.728.4417
404.642.8225 CELL
// Web Design
// Lasso Application Development
// Filemaker Pro / SQL Development
// Sonic Solutions Creator Authoring
// Apple DVD Studio Pro Authoring
// Macromedia Director/Flash Authoring
<------------------------------------------------->