#9   15th May 2009
Oko
Rc.conf Instructor
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102

Quote:
Originally Posted by bsdnewbie999
What is wrong with my pf.conf?
Code:
#Macro
int_if="rl0"

#options
set block-policy return
set loginterface $int_if

#Normalization
scrub in all

#Passing Traffic
# outbound HTTP from this host's own address
pass out quick on $int_if inet proto tcp from $int_if to any port www
# inbound FTP control connections to this host, logged
pass in quick log on $int_if inet proto tcp to $int_if port 21 keep state
# (no rule lets the resolver out to port 53/domain, so names never resolve)

#Default Deny
block all
I am having trouble surfing the web, but I did "pass out quick" the www packets, didn't I?
SoXXX already gave you the reason why your www doesn't work. You cannot resolve the address, since your DNS client cannot reach the DNS server of your Internet service provider.
I would suggest you start with the simplified pf.conf file that I posted above and then remove the services which you do not need. You must leave domain intact!

On the other hand, I see that you want to keep ftp open for outside access. Do you really have an ftp server? Are you sure you really want to do that? You shouldn't be using anything other than sftp for transferring files and ssh for shell access.

If FTP is really needed, you need to do a little bit more reading about the ftp protocol. Namely, ftp makes initial contact on port 21 and then randomly opens another port for the transfer of data. I know that sounds crazy, but it is what it is. In order to set up ftp properly, even just for access to other servers, you need to set up an ftp proxy. In order for the ftp proxy to work, inetd must work. Inetd is a security risk, so you will have to trim down inetd.conf very carefully and remove all unnecessary things.
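A worked pf.conf for the two points in this post (let the resolver out to port domain, and think about what an FTP server on the host actually needs), added here as an example. It is not the simplified file Oko refers to (that file is not on this page) and not bsdnewbie999's configuration. It keeps the OpenBSD 4.5-era syntax of the quoted file and assumes one interface, rl0, carrying the host's own address; the passive-port range and the ftpd(8) behaviour behind it are assumptions stated in the comments.

```pf
# Added example, not the file Oko refers to and not the original poster's.
# Assumes the OpenBSD 4.5-era syntax of the quoted pf.conf and a single
# interface rl0 carrying this host's address.

#Macro
int_if="rl0"
# Passive-mode FTP data ports.  Assumption: ftpd(8) on this host picks them
# from the kernel's high ephemeral range, whose defaults are shown here so
# the range in the rule below is explicit:
#   sysctl net.inet.ip.porthifirst=49152 net.inet.ip.porthilast=65535
ftp_pasv="49152:65535"

#options
set block-policy return
set loginterface $int_if

#Normalization
scrub in all

#Default Deny (listed first; every pass rule below carries quick, so their
# position relative to this rule does not matter)
block all

#Name resolution.  This is the missing piece in the quoted file: without a
# rule for port domain the resolver never reaches the ISP's name servers,
# no name resolves, and the www rule is never used.  UDP is the normal
# case; TCP carries answers too large for one datagram.
pass out quick on $int_if inet proto { tcp, udp } from $int_if to any port domain keep state

#Passing Traffic.  keep state so replies are matched against the state
# entry instead of being judged by block-policy.
pass out quick on $int_if inet proto tcp from $int_if to any port www keep state

#FTP server on this host, only if one is really needed (sftp is the better
# choice).  Port 21 is the control connection; the data connection is a
# second TCP connection on a port chosen at run time:
#   active mode:  the server connects from port 20 to a port the client
#                 named, so it is covered by the pass out rule below;
#   passive mode: the client connects to a high port on the server, which
#                 must therefore be passed in as well.
pass in  quick log on $int_if inet proto tcp from any to $int_if port 21 keep state
pass in  quick log on $int_if inet proto tcp from any to $int_if port $ftp_pasv keep state
pass out quick on $int_if inet proto tcp from $int_if port 20 to any keep state
```

Check the file with `pfctl -nf /etc/pf.conf` (parse only), load it with `pfctl -f /etc/pf.conf`, list the result with `pfctl -sr`, and then confirm that a hostname resolves before retrying the browser. The passive-port rule is the price of running the server without a proxy: every high port on the host is reachable from outside for as long as the rule is loaded, which is exactly what ftp-proxy(8) avoids by loading a rule per session into an anchor and removing it when the session ends.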