Re: ipf pass only smtp and pop...

>From: Maurizio Caloro <mauric@gmx.ch>
>
>Hello
>
>i want that only the smtp and pop protocol
>it passing over my router to my client i have
>proved with this settings but without succsess
>
>can any one tell my the mistake that i do
>please
>
>best regards
>Maurizio
>
>
>netsun# cat ipf.conf
>pass in all
>pass out all
>
># [ SMTP and POP ports= 25, 110 ]
>pass in quick on le1 proto tcp from any port = 25 to any keep state keep
>frags
>pass out quick on le1 proto tcp from any port = 25 to any keep state keep
>frags
>
>pass in quick on le1 proto tcp from any port = 110 to any keep state keep
>frags
>pass out quick on le1 proto tcp from any port = 110 to any keep state keep
>frags

You have your rule logic reversed. Connections are made TO the server on
the specified port, not from it.

You may also want to think about what your rules say, you're giving anybody
access from ports 25 and 110 to any service on any host on your internal
network. That may not be what your intending.


Please DO NOT send me ANY email directly unless it's a privacy issue.
Reply-to mangled to assist those who don't read the above.
--
Rob | What part of "no" was it you didn't understand?

__________________________________________________ _______________
Sign-up for a FREE BT Broadband connection today!
http://www.msn.co.uk/specials/btbroadband