
Re: ftp server behind a firewall



On 3 Jul 2003 at 9:03, Harald Thoeny wrote:

 
> here is the problem
> 
> the ftp is behind the firewall. the whole network is masqueraded.
> 
> it is not a problem to connect from outside to the firewall but if the 'ls' 
> command is sent to the server the connection is getting lost
> 
> can anyone explain how to set up a professional solution ?
> 

Your problem is related to the FTP server which probably works on "passive" transfer;

SOLUTION:

1) load at the beginning of the firewall script the module
/sbin/modprobe ip_conntrack_ftp

2) enable forwarding on ports 20 and 21 like:
/sbin/iptables -A FORWARD -p tcp -m multiport --dports 20,21 -j ACCEPT
if you forward to another machine, otherwise use the INPUT rule
(you should include -s and -o targets for security)

3) enable passive like:
iptables -A FORWARD -p tcp -d 5.6.7.8 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT

this should do,


*****************************************
Alessandro "Formichiere" Bagaglia
Econet S.r.l.
Debian User
*****************************************
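
Why the data connection opened by 'ls' only passes the step 3 rule once ip_conntrack_ftp is loaded, as an added example that is not part of the original message: a simplified Python model (not the kernel's code) of a helper that reads the FTP control channel and marks the announced data endpoint as RELATED. The control-channel lines, port 50000 and all function and class names are constructed for illustration; 5.6.7.8 is the address used in step 3.

```python
import re

# Simplified model of an FTP conntrack helper (illustrative, not kernel code).
SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PASV_RE = re.compile(r"^227 .*?\(" + SIX + r"\)")               # server reply to PASV
PORT_RE = re.compile(r"^PORT " + SIX + r"\s*$", re.IGNORECASE)  # client, active mode

# Constructed control-channel capture; 195*256 + 80 = port 50000.
CONTROL = ["USER anonymous", "PASV",
           "227 Entering Passive Mode (5,6,7,8,195,80)", "LIST"]

def parse_endpoint(line):
    """Return the (ip, port) announced by a 227 reply or PORT command, else None."""
    m = PASV_RE.match(line) or PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):          # each field is one byte
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpTracker:
    def __init__(self, helper_loaded):
        self.helper_loaded = helper_loaded
        self.expected = set()               # data endpoints announced so far

    def control_line(self, line):
        # Without the helper nobody reads the control channel payload.
        ep = parse_endpoint(line) if self.helper_loaded else None
        if ep:
            self.expected.add(ep)

    def classify(self, dst_ip, dst_port):
        """State of a new TCP SYN: RELATED if it was announced, else NEW."""
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))   # expectation is one-shot
            return "RELATED"
        return "NEW"

def step3_rule_accepts(state, dst_port):
    # Step 3 rule, with its -d match omitted:
    # --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
    return 1024 <= dst_port <= 65535 and state in ("ESTABLISHED", "RELATED")

def data_connection_allowed(helper_loaded, control_lines, dst_ip, dst_port):
    tracker = FtpTracker(helper_loaded)
    for line in control_lines:
        tracker.control_line(line)
    return step3_rule_accepts(tracker.classify(dst_ip, dst_port), dst_port)
```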



