Re: ftp server behind a firewall
Greetings!
On Thu, 3 Jul 2003 09:03:15 +0200 Harald Thoeny
<harald.thoeny@swissonline.ch> wrote:
> the ftp is behind the firewall. the hole network is masquareded.
> it is not a problem to connect from outside to the firewall but if the
> 'ls' command is send to the server the connection is getting lost
> can anyone explaine how to set up a proffesional solution ?
The firewall should be able to filter FTP correctly - which it obviously
does not. For this you need a "stateful" packet filter.
If you use a Debian-based FW (I'd suggest kernel 2.4 with IPFILTER) you
need to have the FTP ipfilter module installed as well and allow
ESTABLISHED as well as RELATED back in. The latter is needed to allow
the DATA connection from the server to the client.
Workaround is to switch the FTP clients to passive mode, which uses
outgoing-only connections.
Bye
Volker Tanger
--
Reply to: