Re: A note about firewalls and ftp servers.

From: Craig Holmes (Leusent@home.com)
Date: 09/27/01


From: Craig Holmes <Leusent@home.com>
To: focus-linux@securityfocus.com
Subject: Re: A note about firewalls and ftp servers.
Date: Wed, 26 Sep 2001 21:01:04 -0400
Message-Id: <01092620592503.00902@Weltall.gearbolt.net>

Note that if your firewall is NAT, and your ftp server is on an internal
computer, and you attempt to forward the port using a program such as
ipmasqadm, it will not work. This has something to do with the use of random
ftp transfer ports. I have found that the only way to properly forward an FTP
server connection through a NAT firewall and into a local computer behind a NAT
firewall is using a program called "ftpbounce". The program was written for
bouncing FTP connections to hide the source of the FTP server. If you
configure the program to take the full load of all transfers (not just to act
as an FXP connection, as it is sometimes used), your FTP will be fully
accessible from in front of your NAT firewall. I do not have a URL of the
program offhand, but I am sure you can find it easily from the glftpd
(www.glftpd.org) webpage.

         Craig Holmes.

On September 26, 2001 06:38 pm, Rob 'Feztaa' Park wrote:
> I've noticed a few people asking about getting their firewalls to let ftp
> connections work properly.
>
> I'll now briefly detail my experiences with proftpd and iptables:
>
> Symptom: users can connect to ftp server, but can't receive directory
> listings or files.
>
> Problem: iptables allows traffic through on port 21, but not 20.
>
> Solution: Either set up iptables to accept traffic on port 20, or set up
> connection tracking and allow iptables to accept related and established
> connections.
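
The data-connection mechanism behind the symptoms discussed in this thread, as an added example that is not part of either message: FTP announces the data endpoint inside the control channel (the `PORT` command and the `227` reply to `PASV`, RFC 959), so a rule or forward covering only port 21 misses it, and behind NAT the announced address is the internal one. The sample lines, the address 203.0.113.7 and all function names are constructed for illustration.

```python
import ipaddress
import re

# Six decimal fields h1,h2,h3,h4,p1,p2 used by PORT and the 227 reply (RFC 959).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_data_endpoint(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
    return ip, fields[4] * 256 + fields[5]   # port = p1*256 + p2

def rewrite_for_nat(line, public_ip):
    """Replace a private announced address with the firewall's public one,
    the payload rewrite a NAT-aware FTP helper has to perform."""
    ep = parse_data_endpoint(line)
    if ep is None or not ep[0].is_private:
        return line
    port = ep[1]
    new = ",".join(public_ip.split(".") + [str(port >> 8), str(port & 0xFF)])
    return _HOSTPORT.sub(new, line, count=1)

def audit(lines, forwarded_ports=frozenset({21})):
    """List announced data endpoints that a static forward does not cover."""
    findings = []
    for line in lines:
        ep = parse_data_endpoint(line)
        if ep and ep[1] not in forwarded_ports:
            findings.append((str(ep[0]), ep[1], ep[0].is_private))
    return findings

# Constructed control-channel lines (not captured traffic).
SAMPLE = [
    "220 ProFTPD Server ready.",
    "USER anonymous",
    "227 Entering Passive Mode (192,168,1,10,195,80).",
    "PORT 10,0,0,5,4,1",
]

if __name__ == "__main__":
    for ip, port, private in audit(SAMPLE):
        print(f"data endpoint {ip}:{port} private={private} not covered by port 21")
    print(rewrite_for_nat(SAMPLE[2], "203.0.113.7"))
```

Each finding is a port that must be opened dynamically (connection tracking with an FTP helper) or relayed by a proxy, since it is not known when the static rule is written.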


