Re: A note about firewalls and ftp servers.
From: Tommaso Di Donato (t.didonato@sicurweb.it)
Date: 09/27/01
- Previous message: hvdkooij@vanderkooij.org: "Re: Help with hijacked sendmail"
- In reply to: Rob 'Feztaa' Park: "A note about firewalls and ftp servers."
- Next in thread: Peter H. Lemieux: "Re: A note about firewalls and ftp servers."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <5.1.0.14.0.20010927084525.00ab4d68@relay1.it.net>
Date: Thu, 27 Sep 2001 09:03:20 +0200
To: focus-linux@securityfocus.com
From: Tommaso Di Donato <t.didonato@sicurweb.it>
Subject: Re: A note about firewalls and ftp servers.

Yes, this is true, and it works great! Connection tracking is what makes me
love iptables!!!
I heard about other problems with FTP: if your ftp server is running on a
private IP and you use iptables to NAT, users outside the firewall could
have problems accessing it...
Solution: use the module ip_nat_ftp (with ip_conntrack_ftp).
At 00.38 27/09/2001, you wrote:
>I've noticed a few people asking about getting their firewalls to let ftp
>connections work properly.
>Symptom: users can connect to ftp server, but can't receive directory
>listings or files.
>Problem: iptables allows traffic through on port 21, but not 20.
>Solution: Either set up iptables to accept traffic on port 20, or set up
>connection tracking and allow iptables to accept related and established
>connections.
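
Added example, not part of the original messages and not the kernel modules' code: a simplified Python model of why a NATed FTP server needs a helper such as ip_nat_ftp. The server announces its own address and data port inside the control channel (the 227 reply, or PORT from a client), so the private address has to be rewritten there and the data port noted as an expected related connection. The addresses 192.168.1.10 and 203.0.113.5 are constructed sample values, and the function names are hypothetical.

```python
import re

# "h1,h2,h3,h4,p1,p2" tuple carried by PORT and by the 227 reply (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (ip, port) announced in an FTP control line, or None."""
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid address/port encoding
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high then low
    return ip, port


def rewrite_for_nat(line, private_ip, public_ip):
    """Model of the NAT step: swap the private address for the public one.

    Returns (line_to_forward, expected_data_port). The port is what a
    connection tracker would remember so the data connection can be
    matched as RELATED instead of needing a wide-open port range.
    """
    parsed = parse_hostport(line)
    if parsed is None:
        return line, None  # ordinary control line, nothing to track
    ip, port = parsed
    if ip != private_ip:
        return line, port  # already routable: track the port, leave the text
    start, end = HOSTPORT.search(line).span()
    announced = public_ip.replace(".", ",") + ",%d,%d" % (port >> 8, port & 0xFF)
    return line[:start] + announced + line[end:], port


if __name__ == "__main__":
    # Constructed reply from a server sitting behind NAT on a private address.
    reply = "227 Entering Passive Mode (192,168,1,10,195,80)"
    print(rewrite_for_nat(reply, "192.168.1.10", "203.0.113.5"))
```

Without the rewrite, the outside client is told to open its data connection to 192.168.1.10, which it cannot reach.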