
Re: give multiple ports a/o ips to iptables [fixed: problems with firehol...]



On 10/09/2004 Mike Mestnik wrote:
> > anyway firehol doesn't allow to set user specific ports for service
> > 'ftp', and therefore i have to open these ports manually.
> 
> ?user specific? You mean 20 (ftp-data) and not just 21 (ftp)?  Connection
> tracking FTP should handle this, but only for your clients and not for any
> servers you could be running.

no, i have 5 ftp servers running on 5 different ports. all these ports
need to be opened for ftp traffic.

> Turn this on with a 'modprobe ip_conntrack_ftp' and if you're doing nat
> 'modprobe ip_nat_ftp'.  I add these into /etc/modules.

i have
modprobe ip_conntrack_ftp ports=21,210,215,220,225,230
in /etc/firehol/firehol.conf, and that works quite well.


> > so this means that i don't need to open udp ports for ftp ...
> 
> That depends, do you plan to use host names instead of IPs?  If yes then
> you will need to let DNS(udp) through, firehol might do this for you.

the ftp servers run on ips, but these ips are also available through
dnsnames, and clients are intended to use these dnsnames, but i guess
you think of dnsname based virtualhosts, which in my opinion doesn't work
for ftp at all, as it doesn't have the relevant name headers, as http
has.

bye
 jonas


