I am using a Windows port of ipf called pktfilter, which is supposedly a port of sorts of ipf. I have it on a server, and I have some ports open, like web and rdp/terminal services; those work, but I cannot figure out how to get ftp working through it. All the howtos that I see are non-windows, and the port I am using doesn't seem to support some of the options I see (like this one does not support the 'quick' like in allow blah quick tcp, blah blah). BUT, everything on this windows thing is done, with the exception of FTP. I have googled until I could not google anymore (my config will follow). From what I see, I have tcp/20 and tcp/21 open, and IIS is configured correctly (I know at least that). But from remote, I can connect to the ftp server, get the banner and login, but it will hang if you do an ls. I have seen this before on servers that have problems with active or passive connections, but I can't get my brain around the docs. If you would be so kind as to look at the following and let me know if I am missing something, I'd appreciate it.
For this, let's say the server (that I am trying to connect to) is 1.1.1.1, and my workstation is 2.2.2.2.
rules.txt (most of it I found and pieced together). Note that I pulled out the lines regarding DNS config, as that is working fine:
# drop packets composed of small fragments
option small_frags on eth0
# default behavior =
block in on eth0 all
block out on eth0 all
#--------------------------------------------------------------
# Allow RDP / Terminal Services
#--------------------------------------------------------------
pass in on eth0 proto tcp from any to any port = 3389
pass out on eth0 proto tcp from any to any port > 1024 established
#--------------------------------------------------------------
# Allow HTTP / HTTPS Inbound / Outbound
#--------------------------------------------------------------
pass in on eth0 proto tcp from any to any port = 80
pass in on eth0 proto tcp from any port = 443 to any port > 1023
pass in on eth0 proto tcp from any port = 80 to any port > 1023
pass out on eth0 proto tcp from any port > 1023 to any port = 80
pass out on eth0 proto tcp from any port > 1023 to any port = 443
#SSL
#pass in on eth0 proto tcp from any to any port = 443
#--------------------------------------------------------------
# Allow inbound/outbound ICMP (Ping)
#--------------------------------------------------------------
pass in on eth0 proto icmp from any to any
pass in on eth0 proto icmp from any to any icmp-type echorep
pass in on eth0 proto icmp from any to any icmp-type timex
pass out on eth0 proto icmp from any to any
#--------------------------------------------------------------
# Allow FTP
#--------------------------------------------------------------
pass in on eth0 proto tcp from any to any port = 20
pass out on eth0 proto tcp from any to any port > 1024 established
pass in on eth0 proto tcp from any to any port = 21
pass out on eth0 proto tcp from any to any port > 1024 established
Now, with that running, I can connect with RDP/term services, and hit the pages that are on that server.
But like I said, when I FTP to that server, it will hang on doing an ls.
The log files from pktfilter show this:
02/12/2004 17:22:58.203 eth0 @0:0 b 1.1.1.1,20 -> 2.2.2.2,63100 PR tcp len 20 48 -S
Now I know that this pktfilter shows a packet with a SYN as -S, but it's blocking 20, which I thought I made open?
If I am missing something stupid here, please let me know. Thanks much for your help.
-z
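Added example (editor's code, not from the post or from pktfilter): a small Python model of how the post's "out" rules apply to the logged packet, which is the server opening an active-mode FTP data connection from port 20 to the client, i.e. a new outbound SYN. It assumes ipf-style semantics (without 'quick' the last matching rule wins; 'established' matches only packets with ACK set) and that packets sourced from 1.1.1.1 leave the server; CANDIDATE_RULE is hypothetical and only shows what kind of rule the logged SYN would have to match.

```python
import re

# Constructed copy of the pktfilter log line from the post ('b' = blocked, '-S' = SYN only).
LOG_LINE = "02/12/2004 17:22:58.203 eth0 @0:0 b 1.1.1.1,20 -> 2.2.2.2,63100 PR tcp len 20 48 -S"
# The TCP 'out' rules from the post's rules.txt, in file order (ICMP/comment lines omitted).
RULES = [
    "block out on eth0 all",
    "pass out on eth0 proto tcp from any to any port > 1024 established",
    "pass out on eth0 proto tcp from any port > 1023 to any port = 80",
    "pass out on eth0 proto tcp from any port > 1023 to any port = 443",
    "pass out on eth0 proto tcp from any to any port > 1024 established",
    "pass out on eth0 proto tcp from any to any port > 1024 established",
]
# Hypothetical extra rule (NOT in the post) that would match a NEW connection opened from
# the FTP data port; used only to show what the logged packet would need to match.
CANDIDATE_RULE = "pass out on eth0 proto tcp from any port = 20 to any port > 1023"
LOG_RE = re.compile(r"(?P<iface>\S+) @\S+ (?P<verdict>[bp]) (?P<src>[\d.]+),(?P<sport>\d+) -> "
                    r"(?P<dst>[\d.]+),(?P<dport>\d+) PR (?P<proto>\w+) len \d+ \d+ -(?P<flags>[A-Z]+)")
RULE_RE = re.compile(r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\S+) "
                     r"(?:all|proto (?P<proto>\w+) from any(?: port (?P<sp>[=>] \d+))?"
                     r" to any(?: port (?P<dp>[=>] \d+))?(?P<est> established)?)")

def parse_log(line):
    """Break a pktfilter log line into its fields; direction is inferred from the source IP."""
    m = LOG_RE.search(line)
    if not m: raise ValueError("unrecognised pktfilter log line")
    pkt = m.groupdict()
    pkt["dir"] = "out" if pkt["src"] == "1.1.1.1" else "in"   # assumed: 1.1.1.1 is the server
    return pkt

def port_matches(spec, port):
    """ipf port spec: None = any port, '= N' exact match, '> N' greater-than."""
    if spec is None: return True
    op, n = spec.split()
    return port == int(n) if op == "=" else port > int(n)

def rule_matches(rule, pkt):
    r = RULE_RE.match(rule).groupdict()
    if r["dir"] != pkt["dir"] or r["iface"] != pkt["iface"]:
        return False
    if r["proto"] is None:                      # 'all' matches every packet on that interface
        return True
    if r["proto"] != pkt["proto"]:
        return False
    if r["est"] and "A" not in pkt["flags"]:    # assumed: 'established' means ACK set
        return False
    return port_matches(r["sp"], int(pkt["sport"])) and port_matches(r["dp"], int(pkt["dport"]))

def evaluate(rules, line):
    """Assumed ipf semantics without 'quick': the last matching rule decides the verdict."""
    pkt, winner = parse_log(line), "block"      # nothing matching at all -> default deny
    for rule in rules:
        if rule_matches(rule, pkt):
            winner = rule.split()[0]
    return winner
```

With the posted rules the SYN from port 20 matches only "block out on eth0 all", because every pass-out rule either requires 'established' (ACK) or a source port above 1023; appending CANDIDATE_RULE is the only way the model returns "pass".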