Re: ftp server behind a firewall

To: harald.thoeny@swissonline.ch
Cc: debian-firewall@lists.debian.org
Subject: Re: ftp server behind a firewall
From: "Volker Tanger" <volker.tanger@discon.de>
Date: Thu, 3 Jul 2003 11:37:05 +0200
Message-id: <[🔎] 20030703113705.20244705.volker.tanger@discon.de>
In-reply-to: <[🔎] 200307030903.19578.harald.thoeny@swissonline.ch>
References: <[🔎] 200307030903.19578.harald.thoeny@swissonline.ch>

Greetings!

On Thu, 3 Jul 2003 09:03:15 +0200 Harald Thoeny
<harald.thoeny@swissonline.ch> wrote:

> the ftp is behind the firewall. the hole network is masquareded.
> it is not a problem to connect from outside to the firewall but if the
> 'ls' command is send to the server the connection is getting lost
> can anyone explaine how to set up a proffesional solution ?

The firewall should be able to filter FTP correctly - which it obviously
does not. For this you need a "stateful" packet filter.

If you use a Debian-based FW (I'd suggest kernel 2.4 with IPFILTER) you
need to have the FTP ipfilter module installed as well and allow
ESTABLISHED as well as RELATED back in. The latter is needed to allow
the DATA connection from the server to the client.

Workaround is to switch the FTP clients to passive mode, which uses
outgoing-only connections.

Bye

Volker Tanger

--

Reply to:

Follow-Ups:
- Re: ftp server behind a firewall
  - From: Harald Thoeny <harald.thoeny@swissonline.ch>

References:
- ftp server behind a firewall
  - From: Harald Thoeny <harald.thoeny@swissonline.ch>

Prev by Date: Re: ftp server behind a firewall
Next by Date: www.linuxpro.co.za
Previous by thread: Re: ftp server behind a firewall
Next by thread: Re: ftp server behind a firewall
Index(es):
- Date
- Thread