Re: ftp server behind a firewall
All I have to do is to load two kernel modules:
ip_conntrack_ftp and ip_nat_ftp
Right now everything is working fine.
But is it possible that the kernel unloads those two modules if they are unused
for a longer time? And how to load these two at boot time?
On Thursday, 3 July 2003 11:37, Volker Tanger wrote:
> On Thu, 3 Jul 2003 09:03:15 +0200 Harald Thoeny
> <email@example.com> wrote:
> > The ftp is behind the firewall. The whole network is masqueraded.
> > It is not a problem to connect from outside to the firewall, but if the
> > 'ls' command is sent to the server the connection is getting lost.
> > Can anyone explain how to set up a professional solution?
> The firewall should be able to filter FTP correctly - which it obviously
> does not. For this you need a "stateful" packet filter.
> If you use a Debian-based FW (I'd suggest kernel 2.4 with IPFILTER) you
> need to have the FTP ipfilter module installed as well and allow
> ESTABLISHED as well as RELATED back in. The latter is needed to allow
> the DATA connection from the server to the client.
> Workaround is to switch the FTP clients to passive mode, which uses
> outgoing-only connections.
> Volker Tanger
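
A simplified Python model of what the two modules named in this thread do on the FTP control channel, added here as an illustration and not taken from the thread or the kernel source: the conntrack part parses `PORT` commands and `227` replies and remembers the announced data endpoint so that one connection counts as RELATED, and the NAT part rewrites the internal address in that line. Function and class names and all addresses are constructed for the example.

```python
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 (RFC 959 PORT / 227 format).
ENDPOINT = re.compile(
    r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def parse_endpoint(line):
    """Return (ip, port) announced in a PORT command or 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = ENDPOINT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed announcement: ignore rather than guess
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def nat_rewrite(line, internal_ip, public_ip):
    """Model of the NAT step: swap the internal address for the public one."""
    ep = parse_endpoint(line)
    if ep is None or ep[0] != internal_ip:
        return line
    new = public_ip.replace(".", ",") + ",%d,%d" % divmod(ep[1], 256)
    return ENDPOINT.sub(new, line, count=1)


class Tracker:
    """Model of the conntrack step: remember announced data endpoints."""

    def __init__(self):
        self.expected = set()

    def see_control_line(self, line):
        ep = parse_endpoint(line)
        if ep:
            self.expected.add(ep)

    def classify(self, dst_ip, dst_port):
        # An announced endpoint is RELATED once; anything else is NEW.
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))
            return "RELATED"
        return "NEW"
```

Without the first step the data connection is only ever NEW, which is why a rule set that admits just ESTABLISHED and RELATED drops it until the FTP helper is loaded.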