
Re: FTP Server behind firewall.



> I've set up wu-ftpd on a machine behind my firewall & forwarded port 21 to
> the internal machine. I've also set up wu-ftpd's "passive address" config
> option.
>
> The last bit that I'm stuck with is the actual firewall rules. I only
> allow 3
> users to connect to my ftp at once, so what is the best way to forward the
> ports I have defined in "passive address" to their matching ports on the
> internal server?
>
> I've defined 100 ports for use, so I'd rather not have to go through and
> define them all 1 by 1 if I can avoid it....

I had a look at using ftp behind a firewall, with the help of ipmasqadm and
the ip_masq_ftp module, and there is yet more to it.  The kernel will time
out the control connection (I think) during long transfers using the data
port.

Now I remember investigating a patch for 2.2 kernels which purported to solve
the reliability problems, that would have occurred, but as 2.2.16 and beyond
had security fixes which clashed, I took another approach, to avoid
tunneling ftp server through the firewall.  This had also the benefit of not
having to educate Mac users in the difference between active and passive
ftp.

I believe 2.4's iptables has been enhanced to simplify the handling and make
this much easier, as it can track the connections, but I haven't used it
yet.

Rob
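
The range forward asked about in this thread, as an added example that is not part of either poster's message: a shell function that prints the 2.4 iptables rules for the control port plus a whole passive range in one rule, with connection tracking handling the return traffic. The interface name, server address and port range are assumed sample values.

```shell
#!/bin/sh
# Added example. Prints iptables (2.4+) rules; it does not apply them.
# Usage: ftp_forward_rules <wan-if> <server-ip> <pasv-low> <pasv-high>

ftp_forward_rules() {
    [ $# -eq 4 ] || { echo "need: wan-if server-ip low high" >&2; return 1; }
    wan_if=$1; server=$2; pasv_lo=$3; pasv_hi=$4

    # Reject non-numeric ports before they end up in a rule.
    for p in "$pasv_lo" "$pasv_hi"; do
        case $p in
            ''|*[!0-9]*) echo "port '$p' is not numeric" >&2; return 1 ;;
        esac
    done
    # Assumption: passive data ports are unprivileged (>= 1024).
    if [ "$pasv_lo" -lt 1024 ] || [ "$pasv_hi" -gt 65535 ] ||
       [ "$pasv_lo" -gt "$pasv_hi" ]; then
        echo "bad passive range $pasv_lo:$pasv_hi" >&2; return 1
    fi

    # 2.4 module names; later kernels call them nf_conntrack_ftp / nf_nat_ftp.
    # --dport LOW:HIGH matches the whole range, so one DNAT rule covers all
    # passive ports and each port maps to the same port on the server.
    cat <<EOF
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport 21 -j DNAT --to-destination $server
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $pasv_lo:$pasv_hi -j DNAT --to-destination $server
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan_if -d $server -p tcp --dport 21 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $wan_if -d $server -p tcp --dport $pasv_lo:$pasv_hi -m state --state NEW -j ACCEPT
EOF
}

# Constructed sample: 100 passive ports forwarded to an internal server.
ftp_forward_rules eth0 192.168.1.10 49152 49251
```

Review the printed rules, then pipe them to `sh` as root on the firewall; the range must match the one configured in wu-ftpd.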


