#8
11th February 2009
killa74

I don't understand your last reply, but the fstat command shows me nothing.
I say that:
1 - I don't use any programs that listen on this port
2 - I use PF to filter all traffic
3 - When I do a netstat this port is not LISTEN, but when I scan the interface it says 1720 open port H323.

This is my pf.conf.

#Interface declarations
ext_if="fxp1"
int_if="fxp2"
wifi_if="ath0"

good_if="{ 127.0.0.1, fxp2, ath0 }"

#Services accessible from the web
web_services="{ 22, 25, 80}"

#Web services accessible from the LAN
tcp_lan_services="{ 80, 22, 443, 1863}"
udp_lan_services="{ 1863 }"

#Local DNS access
dns_services="{ 53 }"

#Free DNS
dns_free="212.27.53.252"

#Loopback
loopback="127.0.0.1"

#Table declarations
table <good> { 192.168.16.0/24 }
table <wifi> { 192.168.1.0/24 }

#The bad guys
martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4 }"

#Do not filter lo
set skip on { lo0 }

#Packet reassembly
scrub in all

#Enable NAT on ext_if
nat on $ext_if from !($ext_if) -> ($ext_if:0)

#Enable the ftp proxy
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass proto tcp from $good_if to any port 21 -> 127.0.0.1 port 8021

#Block everything by default
block in all
block return

#Keep state for outgoing packets
pass out keep state

#Anchor declaration for the ftp proxy
anchor "ftp-proxy/*"

#Antispoof
antispoof log for { $ext_if, $wifi_if, $int_if }

#Block the RFC 1928 addresses
block drop in log (all) quick on $ext_if from $martians to any
block drop out log (all) quick on $ext_if from any to $martians

#Allow the web_services ports on the external interface
pass in on $ext_if inet proto tcp from any to $ext_if port $web_services flags S/SA keep state

#Allow the server to contact Free's DNS server
pass out on $ext_if inet proto tcp from self to $dns_free port $dns_services flags S/SA keep state
pass out on $ext_if inet proto udp from self to $dns_free port $dns_services keep state
#----------------------------------------------------------------------------------------------------

#Allow the PCs to contact Free's DNS server
#pass in on $int_if proto tcp from <good> to $dns_free port $dns_services flags S/SA keep state
#pass in on $int_if proto udp from <good> to $dns_free port $dns_services keep state

pass in on $wifi_if proto tcp from <wifi> to $dns_free port $dns_services flags S/SA keep state
pass in on $wifi_if proto udp from <wifi> to $dns_free port $dns_services keep state

#Allow the PCs to contact the web servers
pass in on $wifi_if proto tcp from <wifi> to port $tcp_lan_services flags S/SA keep state
pass in on $wifi_if proto udp from <wifi> to port $udp_lan_services keep state

Thanks
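Added example, not part of killa74's post: a simplified Python reading of the ruleset above that expands the macros and lists the TCP ports its `pass in` rules name on one interface, so the result can be compared with what a scan of that interface reports. The embedded config is a constructed excerpt of the posted pf.conf, the function names are hypothetical, and the code does not model pf's full grammar, `quick`, block rules or the nat/rdr rules.

```python
import re

# Constructed excerpt of the pf.conf posted above (macros and filter rules only).
PF_CONF = '''
ext_if="fxp1"
wifi_if="ath0"
web_services="{ 22, 25, 80}"
tcp_lan_services="{ 80, 22, 443, 1863}"
block in all
pass out keep state
pass in on $ext_if inet proto tcp from any to $ext_if port $web_services flags S/SA keep state
pass in on $wifi_if proto tcp from <wifi> to port $tcp_lan_services flags S/SA keep state
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')

def parse(conf):
    """Return (macros, rules); rule lines have their $macros expanded."""
    macros, rules = {}, []
    expand = lambda s: re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), s)
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = expand(m.group(2))
        else:
            rules.append(expand(line))
    return macros, rules

def passed_in_ports(conf, if_macro, proto="tcp"):
    """Ports named by 'pass in' rules for one interface; None if a rule passes every port."""
    macros, rules = parse(conf)
    iface, ports = macros[if_macro], set()
    for rule in rules:
        tok = re.sub(r'[{},]', ' ', rule).split()   # flatten { a, b } lists
        if tok[:2] != ['pass', 'in']:
            continue
        if 'on' in tok and tok[tok.index('on') + 1] != iface:
            continue                                # bound to another interface
        if 'proto' in tok and tok[tok.index('proto') + 1] != proto:
            continue
        if 'port' not in tok:
            return None                             # no port clause: every port passes
        i = tok.index('port') + 1                   # assumes a destination port clause only
        while i < len(tok) and tok[i].isdigit():
            ports.add(int(tok[i]))
            i += 1
    return sorted(ports)

if __name__ == "__main__":
    print("ext_if tcp:", passed_in_ports(PF_CONF, "ext_if"))
```

On the real firewall, `pfctl -sr` prints the loaded rules with macros already expanded, which is the authoritative view to compare against.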