
ip_masq_ftp



Hi,

My firewall is based on the debian ipmasq scripts with a couple of 
modifications.

I have set up my firewall to block all incoming SYN packets from the outside 
world except for services that I want accessible.

$IPCHAINS -A input -j ACCEPT -i $i -d $IPOFIF/32 -p tcp ! --syn

Now this works fine for masquerading except for outgoing FTP. Passive FTP 
works fine but normal FTP doesn't.

Now I thought that this is what the ip_masq_ftp module is for. And this 
module works if I'm not blocking all incoming SYN packets. 

So I guess my question is, does ip_masq_ftp use a discrete range of ports for 
FTP connections or does it use everything between 1024-65535? Is there a way 
to tell it to use a particular range of ports as I don't like opening up the 
whole range due to the fact that many daemons use non-privileged ports these 
days.

thanks, Iain.

P.S. Please CC replies.


-- 
public key available at http://www.minihub.org/~iain/iain.asc


