
Re: FTP Server behind firewall.

> I've set up wu-ftpd on a machine behind my firewall & forwarded port 21 to
> the internal machine. I've also set up wu-ftpd's "passive address" config
> option.
> The last bit that I'm stuck with is the actual firewall rules. I only allow 3
> users to connect to my ftp at once, so what is the best way to forward the
> ports I have defined in "passive address" to their matching ports on the
> internal server?
> I've defined 100 ports for use, so I'd rather not have to go through and
> define them all 1 by 1 if I can avoid it....

I had a look at using ftp behind a firewall, with the help of ipmasqadm and
the ip_masq_ftp module, and there is yet more to it.  The kernel will time
out the control connection (I think) during long transfers using the data

Now I remember investigating a patch for 2.2 kernels which purported to solve
the reliability problems that would have occurred, but as 2.2.16 and beyond
had security fixes which clashed, I took another approach, to avoid
tunneling ftp server through the firewall.  This had also the benefit of not
having to educate Mac users in the difference between active and passive

I believe 2.4's iptables has been enhanced to simplify the handling and make
this much easier, as it can track the connections, but I haven't used it

