
Re: ftp server behind a firewall



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

thanks,

all i have to do is to load two kernel modules:
ip_conntrack_ftp and ip_nat_ftp

right now everything is working fine.

but is it possible that the kernel unloads those two modules if they are unused 
for a longer time? and how to load these two at boot time?

thanks

harald

On Thursday, 3 July 2003 11.37, Volker Tanger wrote:
> Greetings!
>
> On Thu, 3 Jul 2003 09:03:15 +0200 Harald Thoeny
>
> <harald.thoeny@swissonline.ch> wrote:
> > the ftp is behind the firewall. the whole network is masqueraded.
> > it is not a problem to connect from outside to the firewall but if the
> > 'ls' command is sent to the server the connection is getting lost
> > can anyone explain how to set up a professional solution ?
>
> The firewall should be able to filter FTP correctly - which it obviously
> does not. For this you need a "stateful" packet filter.
>
> If you use a Debian-based FW (I'd suggest kernel 2.4 with IPFILTER) you
> need to have the FTP ipfilter module installed as well and allow
> ESTABLISHED as well as RELATED back in. The latter is needed to allow
> the DATA connection from the server to the client.
>
> Workaround is to switch the FTP clients to passive mode, which uses
> outgoing-only connections.
>
> Bye
>
> Volker Tanger
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/BUfmrq3/k4gLqoMRAnedAJ0eR664Q4OxrJ0UbqTzmbNd1ruQWgCgr48C
kbNC+boKMdb+GOlA2RT+DAQ=
=RkOS
-----END PGP SIGNATURE-----
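
Added example, not part of the original messages and not the kernel's code: a Python sketch of what FTP helpers such as ip_conntrack_ftp and ip_nat_ftp have to do with the control channel so that the data connection for 'ls' can be treated as RELATED and survives masquerading. The function names and all addresses are constructed for illustration.

```python
import re

# Six comma-separated numbers as carried in "PORT h1,h2,h3,h4,p1,p2" and in
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
_ADDR = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_data_endpoint(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    match = _ADDR.search(line)
    if match is None:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None
    # The data port is sent as two bytes: high byte first, then low byte.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def expected_related(line, sender_ip):
    """Connection-tracking side: the data connection to expect (seen as RELATED).

    Returns None when the announced address is not the sender's own address,
    so a control channel cannot open the filter towards a third host.
    """
    endpoint = parse_data_endpoint(line)
    if endpoint is None or endpoint[0] != sender_ip:
        return None
    return endpoint


def rewrite_for_nat(line, public_ip):
    """NAT side: replace the private address in the payload with the public one."""
    endpoint = parse_data_endpoint(line)
    if endpoint is None:
        return line
    port = endpoint[1]
    fields = public_ip.split(".") + [str(port >> 8), str(port & 0xFF)]
    return _ADDR.sub(",".join(fields), line, count=1)


if __name__ == "__main__":
    # Constructed sample: masqueraded server 192.168.1.10 behind 203.0.113.7.
    reply = "227 Entering Passive Mode (192,168,1,10,195,149)"
    print(expected_related(reply, "192.168.1.10"))
    print(rewrite_for_nat(reply, "203.0.113.7"))
```
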


