Re: tls ssl ftp connection over iptables
Oops, I don't understand, because even in passive mode it hangs (in TLS
only; it works fine in clear mode).
Bastien
Thu, 25 Mar 2004 16:10:13 +0100
"Volker Tanger" <volker.tanger@detewe.de> Original message:
> Greetings!
>
> On Sun, 25 Apr 2004 14:17:45 +0200 Bastien Rocheron
> <bastien.rocheron@free.fr> wrote:
>
> > I have an iptables packet filter which does its job well, but when I
> > decide to allow only TLS connections to the FTP server, people can
> > connect to the server in active mode because I told the packet
> > filter to let everything come through the FTP port, but just after the
> > connection is made it hangs and nothing more happens. I suppose it's
> > because of the data port, which is given randomly, and this one is
> > ciphered, so the packet filter gets mad about it and drops the
> > packets.
>
> The FTP-conntrack can't look into the control channel and thus cannot
> detect which data port will be used - thus no data port is ever
> opened.
>
> One workaround would be to allow all outgoing connections and use
> PASSIVE FTP...
>
> Bye
>
> Volker Tanger
> ITK Security
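Added example (not part of the original messages and not netfilter's own code): a simplified Python model of what an FTP connection-tracking helper does with the control channel, showing why the data connection is matched as RELATED in clear mode but only as NEW once the control channel is wrapped in TLS. This holds for the 227 passive reply as well as for the PORT command. The addresses, ports, function names and the hash-derived stand-in for ciphertext are constructed for illustration.

```python
import hashlib
import re

# Patterns a cleartext FTP helper can match on the control channel (port 21).
PORT_CMD = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n", re.M)
PASV_REPLY = re.compile(rb"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", re.M)


def expected_data_endpoint(payload: bytes):
    """Return (ip, port) announced in a control-channel segment, or None."""
    m = PORT_CMD.search(payload) or PASV_REPLY.search(payload)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        return None  # not a valid h1,h2,h3,h4,p1,p2 tuple
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def tls_record(plaintext: bytes) -> bytes:
    """Constructed stand-in for a TLS application-data record: real record
    header, hash-derived filler in place of ciphertext (not real encryption)."""
    body, counter = b"", 0
    while len(body) < len(plaintext) + 16:
        body += hashlib.sha256(plaintext + bytes([counter])).digest()
        counter += 1
    body = body[: len(plaintext) + 16]
    return b"\x17\x03\x03" + len(body).to_bytes(2, "big") + body


def data_conn_state(control_segments, dst):
    """State a RELATED,ESTABLISHED ruleset would see for a new data connection."""
    expectations = {expected_data_endpoint(s) for s in control_segments}
    return "RELATED" if dst in expectations else "NEW"


# Constructed sample: the server's reply to PASV, in clear and wrapped in TLS.
PASV_CLEAR = b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
DATA_DST = ("192.0.2.10", 195 * 256 + 80)  # data port 50000

if __name__ == "__main__":
    print("clear:", data_conn_state([PASV_CLEAR], DATA_DST))
    print("tls:  ", data_conn_state([tls_record(PASV_CLEAR)], DATA_DST))
```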