DaemonForums  

p3scan with PF --> Target IP PROBLEM!!

  #1   13th May 2008
alternico (New User)

Hi, I'm Nicola from Italy...
I installed P3Scan 2.3.2 on my FreeBSD 6.2.
It works properly only if I specify manually and statically:
targetip = IP address MY PROVIDER
targetport = 110
Although I created the PF firewall rule:
rdr on rl0 proto tcp from rl0:network to any port 110 -> 127.0.0.1 port 8110
it does not work ...
Output of p3scan in debug mode:
-------

Server p3scan[513]: Connection from 10.0.0.2:60938
Server p3scan[513]: Real-server adress is 0.0.0.0

Server p3scan[513]: Cannot connect to real-server

-------

or, on another machine

-------

Server p3scan[513]: Connection from 10.0.0.2:60938
Server p3scan[513]: Real-server adress is 10.0.0.1

Server p3scan[513]: Oops, that would loop! ...

-------
Can you help?
THANKS

Nicola

Last edited by alternico; 13th May 2008 at 06:34 PM.
  #2   13th May 2008
s2scott (Package Pilot), Toronto, Ontario Canada

Code:
rdr on rl0 proto tcp from rl0:network to any port 110 -> 127.0.0.1 port 8110

Assuming this is your whole working pf.conf rule set, then you need to edit it...

Code:
rdr on rl0 inet proto tcp \
 from rl0:network to any port 110 \
 tag MYRDR110 -> 127.0.0.1 port 8110
# ...
pass in log quick on rl0 inet proto tcp \
 tagged MYRDR110 keep state
#

An RDR statement -- by itself -- does not grant a pass; it should have a companion pass statement.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 14th May 2008 at 12:33 AM. Reason: syntax fix
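
The point made in the post above, that an rdr rule needs a pass tied to it, can be checked mechanically. The following is an added example, not part of the thread: a shell lint that reads a pf.conf and reports, for each rdr rule, whether it carries `pass` itself or sets a tag that a `pass ... tagged` rule matches. The function names and the sample file (the three rule forms posted in this thread, collected into one constructed ruleset) are assumptions; NO-COMPANION means no explicit grant in either form was found, not that a broader pass rule could not admit the traffic.

```shell
#!/bin/sh
# Added example: for every rdr rule in a pf.conf, report whether a pass is
# tied to it. Only the two forms from this thread are recognised:
# "rdr pass ..." and "rdr ... tag X" matched by "pass ... tagged X".

lint_rdr() {   # reads pf.conf text on stdin
  awk '
    {
      sub(/#.*/, "")                                     # strip comments
      if (sub(/\\[ \t]*$/, " ")) { buf = buf $0; next }  # join continuations
      line = buf $0; buf = ""
      n = split(line, w)
      if (n == 0) next
      rule = w[1]; for (i = 2; i <= n; i++) rule = rule " " w[i]
      if (w[1] == "rdr") {
        r++; text[r] = rule; selfpass[r] = (w[2] == "pass")
        for (i = 2; i < n; i++) if (w[i] == "tag") tag[r] = w[i + 1]
      } else if (w[1] == "pass") {
        for (i = 2; i < n; i++) if (w[i] == "tagged") passed[w[i + 1]] = 1
      }
    }
    END {
      for (i = 1; i <= r; i++) {
        if (selfpass[i]) v = "PASS-INLINE"
        else if (tag[i] != "" && (tag[i] in passed)) v = "PASS-BY-TAG"
        else v = "NO-COMPANION"
        printf "%-12s %s\n", v, text[i]
      }
    }'
}

# Constructed sample: the three rule forms from the thread in one file.
sample_conf() {
  cat <<'EOF'
rdr on rl0 proto tcp from rl0:network to any port 110 -> 127.0.0.1 port 8110
rdr on rl0 inet proto tcp \
 from rl0:network to any port 110 \
 tag MYRDR110 -> 127.0.0.1 port 8110
rdr pass on rl0 proto tcp from rl0:network to any port 110 -> 127.0.0.1 port 8110
# ...
pass in log quick on rl0 inet proto tcp \
 tagged MYRDR110 keep state
EOF
}

sample_conf | lint_rdr
```
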

  #3   13th May 2008
alternico (New User)

Quote:
Originally Posted by s2scott
Code:
rdr on rl0 proto tcp from rl0:network to any port 110 -> 127.0.0.1 port 8110

assuming this is your whole working pf.conf rules set, then you need to edit it...

Code:
rdr on rl0 inet proto tcp \
 from rl0:network to any port 110 \
 tag MYRDR110 -> 127.0.0.1 port 8110
# ...
pass in log quick on rl0 inet proto tcp \
 tagged MYRDR110 keep state
#

An RDR statement -- by itself -- does not grant a pass; it should have a companion pass statement.

/S

Thank you for the answer... but I've tried something similar:
Code:
rdr pass on rl0 proto tcp from rl0:network to any port 110 -> 127.0.0.1 port 8110

I cannot find a solution... I have been fighting with this for days now.

  #4   14th May 2008
s2scott (Package Pilot), Toronto, Ontario Canada

You need to post more info for more help.

  1. Your whole pf.conf
  2. Edit your nat, rdr, pass and block stmts to include the "log" keyword, and
  3. run the following, capture a test, and post the output here.
Code:
# tcpdump -eni pflog0
/S

  #5   14th May 2008
alternico (New User)

Quote:
Originally Posted by s2scott
You need to post more info for more help.

  1. Your whole pf.conf
  2. Edit your nat, rdr, pass and block stmts to include the "log" keyword, and
  3. run the following, capture a test, and post the output here.
Code:
# tcpdump -eni pflog0
/S

OK... This afternoon I will post everything you asked for.

I wanted to let you know that perhaps I cannot access the pf.conf file, because I use pfSense (a firewall distro based on FreeBSD).

  #6   14th May 2008
s2scott (Package Pilot), Toronto, Ontario Canada

Quote:
Originally Posted by alternico
... I cannot access the pf.conf file, because I use pfSense (a firewall distro based on FreeBSD)

Hmm ... I'm not sure about any pfSense-specific diagnostic steps or options.

/S

  #7   14th May 2008
alternico (New User)

Could you perhaps tell me, for each of the following iptables rules, the matching rule in PF:

Code:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport pop3 -j REDIRECT --to 8110
iptables -t nat -I OUTPUT -p tcp --dport 110 -j REDIRECT --to 8110

  #8   14th May 2008
s2scott (Package Pilot), Toronto, Ontario Canada

Quote:
Originally Posted by alternico
Could you perhaps tell me, for each of the following iptables rules, the matching rule in PF:

Code:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport pop3 -j REDIRECT --to 8110
iptables -t nat -I OUTPUT -p tcp --dport 110 -j REDIRECT --to 8110

Ah, ...

Code:
rdr on rl0 inet proto tcp \
 from any to (rl0:0) port 110 \
 tag MYRDR110 -> 127.0.0.1 port 8110
# ...
pass in log quick on rl0 inet proto tcp \
 tagged MYRDR110 keep state
#

I believe we need to turn the from and to values around.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick