I don't understand your last reply, but the fstat command shows me nothing.
I say that:
1 - I don't use any programs that listen on this port
2 - I use PF to filter all traffic
3 - When I do a netstat this port is not LISTEN, but when I scan the interface it says 1720 open port H323.
This is my pf.conf.
#Interface declarations
ext_if="fxp1"
int_if="fxp2"
wifi_if="ath0"
good_if="{ 127.0.0.1, fxp2, ath0 }"
#Services accessible from the web
web_services="{ 22, 25, 80}"
#Web services accessible from the LAN
tcp_lan_services="{ 80, 22, 443, 1863}"
udp_lan_services="{ 1863 }"
#Local DNS access
dns_services="{ 53 }"
#Free DNS
dns_free="212.27.53.252"
#Loopback
loopback="127.0.0.1"
#Table declarations
table <good> { 192.168.16.0/24 }
table <wifi> { 192.168.1.0/24 }
#The bad guys
martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4 }"
#Do not filter lo
set skip on { lo0 }
#Packet reassembly
scrub in all
#Enable NAT on ext_if
nat on $ext_if from !($ext_if) -> ($ext_if:0)
#Enable the ftp proxy
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass proto tcp from $good_if to any port 21 -> 127.0.0.1 port 8021
#Block everything by default
block in all
block return
#Keep state on outgoing packets
pass out keep state
#Anchor declaration for the ftp proxy
anchor "ftp-proxy/*"
#Antispoof
antispoof log for { $ext_if, $wifi_if, $int_if }
#Block the addresses of RFC 1928
block drop in log (all) quick on $ext_if from $martians to any
block drop out log (all) quick on $ext_if from any to $martians
#Allow the web_services ports on the external interface
pass in on $ext_if inet proto tcp from any to $ext_if port $web_services flags S/SA keep state
#Allow the server to contact Free's DNS server
pass out on $ext_if inet proto tcp from self to $dns_free port $dns_services flags S/SA keep state
pass out on $ext_if inet proto udp from self to $dns_free port $dns_services keep state
#----------------------------------------------------------------------------------------------------
#Allow the PCs to contact Free's DNS server
#pass in on $int_if proto tcp from <good> to $dns_free port $dns_services flags S/SA keep state
#pass in on $int_if proto udp from <good> to $dns_free port $dns_services keep state
pass in on $wifi_if proto tcp from <wifi> to $dns_free port $dns_services flags S/SA keep state
pass in on $wifi_if proto udp from <wifi> to $dns_free port $dns_services keep state
#Allow the PCs to contact the web servers
pass in on $wifi_if proto tcp from <wifi> to port $tcp_lan_services flags S/SA keep state
pass in on $wifi_if proto udp from <wifi> to port $udp_lan_services keep state
Thanks