
ftp forwarding



In the ipchains howto I read:

Passive FTP handled by masq. module.

with the following rules:

ipchains -A good-bad -p tcp --dport www -j MASQ
ipchains -A good-bad -p tcp --dport ssh -j MASQ
ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
ipchains -A good-bad -p tcp --dport ftp -j MASQ
ipchains -A good-bad -p icmp --icmp-type ping -j MASQ
ipchains -A good-bad -j REJECT -l

Frankly I cannot see how passive FTP is supposed to work. Yes, the masq.
module does take care of the masquerading stuff, but does it also create a
rule for the port? Well that would be new to me. The way I interpret these
rules I can connect to ports 80, 22, 21 and these traceroute ports. And
that's it. With passive ftp I also have to connect to a port above 1024. But
these rules won't forward that port, will they?

I would love to see a way to block all user ports except selected ones.

Michael
-- 
Michael Meskes                         | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz    | Go Rhein Fire!
Tel.: (+49) 2431/72651                 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De           | Use PostgreSQL!
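
The port question raised in the message above, as an added example that is not part of the original post or of the ipchains HOWTO: it parses the RFC 959 "227" reply a server sends on the control channel and checks the announced data port against the destination ports listed in the quoted good-bad rules. Assumptions: the control-channel lines are constructed, the service names are resolved as www=80, ssh=22, ftp=21, and only static destination-port matching is modelled, not anything the masq module does.

```python
import re

# Destination ports matched by the quoted good-bad rules, as (proto, low, high).
# Assumed name resolution: www=80, ssh=22, ftp=21.
STATIC_RULES = [("tcp", 80, 80), ("tcp", 22, 22),
                ("udp", 33434, 33500), ("tcp", 21, 21)]

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_REPLY = re.compile(
    r"^227[ -].*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv(line):
    """Return (ip, port) announced by a 227 reply, or None if not a valid one."""
    m = PASV_REPLY.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2

def matches_static_rule(proto, dport):
    """True if a packet to dport would hit one of the MASQ rules by port alone."""
    return any(p == proto and lo <= dport <= hi for p, lo, hi in STATIC_RULES)

def audit_control_channel(lines):
    """List (ip, port, matched) for every passive data endpoint announced."""
    results = []
    for line in lines:
        endpoint = parse_pasv(line)
        if endpoint:
            ip, port = endpoint
            results.append((ip, port, matches_static_rule("tcp", port)))
    return results

# Constructed sample, not captured traffic; 192.0.2.10 is a documentation address.
SAMPLE = [
    "220 ftp.example.org ready",
    "230 Login successful.",
    "227 Entering Passive Mode (192,0,2,10,195,149)",
    "150 Here comes the directory listing.",
    "227 Entering Passive Mode (192,0,2,10,0,21)",
]

if __name__ == "__main__":
    for ip, port, ok in audit_control_channel(SAMPLE):
        verdict = "matches a MASQ rule" if ok else "no static rule, reaches REJECT -l"
        print(f"data connection to {ip}:{port}: {verdict}")
```

The data port is chosen by the server per transfer, so a port-only rule set cannot list it in advance; whatever permits it has to read the 227 reply on the control connection.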

