ftp forwarding
In the ipchains howto I read:
Passive FTP handled by masq. module.
with the following rules:
ipchains -A good-bad -p tcp --dport www -j MASQ
ipchains -A good-bad -p tcp --dport ssh -j MASQ
ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
ipchains -A good-bad -p tcp --dport ftp -j MASQ
ipchains -A good-bad -p icmp --icmp-type ping -j MASQ
ipchains -A good-bad -j REJECT -l
Frankly I cannot see how passive FTP is supposed to work. Yes, the masq.
module does take care of the masquerading stuff, but does it also create a
rule for the port? Well that would be new to me. The way I interpret these
rules I can connect to ports 80, 22, 21 and these traceroute ports. And
that's it. With passive ftp I also have to connect to a port above 1024. But
these rules won't forward that port, do they?
I would love to see a way to block all user ports except selected ones.
Michael
--
Michael Meskes | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz | Go Rhein Fire!
Tel.: (+49) 2431/72651 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De | Use PostgreSQL!
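
The question above, as an added example that is not part of the original message or the HOWTO: a Python model that walks the quoted good-bad chain first-match for the FTP control connection and for the data port announced in a passive-mode reply. It evaluates only the static rules as written and does not model anything the masquerading module may do; the function names, the service-name mapping (www=80, ssh=22, ftp=21) and the 227 reply are assumptions constructed for illustration.

```python
import re

# The good-bad chain as quoted in the post.
CHAIN = """\
ipchains -A good-bad -p tcp --dport www -j MASQ
ipchains -A good-bad -p tcp --dport ssh -j MASQ
ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
ipchains -A good-bad -p tcp --dport ftp -j MASQ
ipchains -A good-bad -p icmp --icmp-type ping -j MASQ
ipchains -A good-bad -j REJECT -l
"""
SERVICES = {"www": 80, "ssh": 22, "ftp": 21}  # assumed /etc/services values


def parse_rule(line):
    """Return (proto, (low, high) or None, icmp type or None, target)."""
    opts = dict(re.findall(r"(--?[\w-]+)\s+([^\s-]\S*)", line))
    ports = None
    if "--dport" in opts:
        low, _, high = opts["--dport"].partition(":")
        ports = tuple(int(SERVICES.get(p, p)) for p in (low, high or low))
    return opts.get("-p"), ports, opts.get("--icmp-type"), opts["-j"]


def pasv_endpoint(reply):
    """Extract (ip, port) from an RFC 959 '227 Entering Passive Mode' reply."""
    m = re.match(r"227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", reply)
    if not m or any(int(x) > 255 for x in m.groups()):
        raise ValueError("not a valid 227 passive-mode reply")
    n = [int(x) for x in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


def verdict(proto, dport=None, icmp_type=None):
    """First-match walk of the chain; returns the matching rule's target."""
    for line in CHAIN.splitlines():
        r_proto, r_ports, r_icmp, target = parse_rule(line)
        if r_proto in (None, proto) and r_icmp in (None, icmp_type) and (
                r_ports is None
                or (dport is not None and r_ports[0] <= dport <= r_ports[1])):
            return target
    # Not reached for this chain: its last rule matches every packet.


if __name__ == "__main__":
    SAMPLE = "227 Entering Passive Mode (192,0,2,10,195,80)"  # constructed reply
    ip, port = pasv_endpoint(SAMPLE)
    print("control tcp/21 ->", verdict("tcp", 21))
    print(f"data    tcp/{port} to {ip} ->", verdict("tcp", port))
```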