[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]



My firewall is based on the debian ipmasq scripts with a couple of 

I have setup my firewall to block all incoming SYN packets from the outside 
world except for services that I want accessible.

$IPCHAINS -A input -j ACCEPT -i $i -d $IPOFIF/32 -p tcp ! --syn

Now this works fine for masquerading except for outgoing FTP. Passive FTP 
works fine but normal FTP doesn't.

Now I thought that this is what the ip_masq_ftp modules is for. And this 
module works if I'm not blocking all incoming SYN packets. 

So I guess my question is, does ip_masq_ftp use a discrete range of ports for 
FTP connections or does it use everything between 1024-65535? Is there a way 
to tell it to use a particular range of ports as I don't like opening up the 
whole range due to the fact that many daemons use non priviliged ports these 

thanks, Iain.

P.S. Please CC replies.

public key available at http://www.minihub.org/~iain/iain.asc

Reply to: