Re: iptables and FTP
From: Alessandro Selli (adoro.lo.spam_at_libero.it)
Date: 05/14/03
- Next message: Erwan Becquet: "Chroot and X-Window applications"
- Previous message: charly: "iptables and FTP"
- In reply to: charly: "iptables and FTP"
- Next in thread: Julien Salgado: "Re: iptables and FTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 May 2003 16:30:18 +0200
Il giorno Wed, 14 May 2003, charly cosė ha scritto:
|From: charly <kanari@yahoo.fr>
|Date: Wed, 14 May 2003 11:52:12 +0200
|Subject: iptables and FTP
|
|Greetings,
|
|My box is a linux distro is mandrake.
|I installed iptables and it works nearly ok :)
|
|I cannot get filelist from ftp servers : I can login/pass but get a
|connection time out when trying to acces the file list.
|I think there must be something wrong in my script regarding iptables
|configuration :
[...]
|$protec -A OUTPUT -o eth0 --protocol tcp --destination-port 20 -j ACCEPT
|$protec -A OUTPUT -o eth0 --protocol tcp --destination-port 21 -j ACCEPT
The problem with ftp is that ftp connections are established though port 21,
but the data transfer goes through port 20. There's a "ftp" specific module
to track these packets:
make menuconfig
Networking options --->
IP: Netfilter Configuration --->
<M> FTP protocol support (NEW)
x CONFIG_IP_NF_FTP: x
x x
x Tracking FTP connections is problematic: special helpers are x
x required for tracking them, and doing masquerading and other forms x
x of Network Address Translation on them. x
x x
x If you want to compile it as a module, say M here and read x
x Documentation/modules.txt. If unsure, say Y'. x
Sandro
--
Bellum se ipsum alet
La guerra nutre se stessa
Livio, Ab urbe condita, XXXIV,9
- Next message: Erwan Becquet: "Chroot and X-Window applications"
- Previous message: charly: "iptables and FTP"
- In reply to: charly: "iptables and FTP"
- Next in thread: Julien Salgado: "Re: iptables and FTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
