Re: tls ssl ftp connection over iptables



You could use an FTP proxy if one supported TLS.

--- Volker Tanger <volker.tanger@detewe.de> wrote:
> Greetings!
> 
> On Sun, 25 Apr 2004 14:17:45 +0200 Bastien Rocheron
> <bastien.rocheron@free.fr> wrote:
> 
> > I have an iptables packet filter which does its job well, but when I
> > decide to allow only TLS connections over the FTP server, people can
> > connect to the server in active mode because I told the packet
> > filter to let everything come through the FTP port, but just after the
> > connection is made it hangs and nothing more happens. I suppose it's
> > because of the data port, which is given randomly, and this one is
> > ciphered, so the packet filter gets mad about it and drops the packets.
> 
> The FTP-conntrack can't look into the control channel and thus cannot
> detect which data port will be used - thus no data port is ever opened.
> 
> One workaround would be to allow all outgoing connections and use
> PASSIVE FTP...
> 
> Bye
> 
> Volker Tanger
> ITK Security


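The failure described in this thread, as an added example that is not part of the original messages: a simplified Python model of what an FTP connection-tracking helper does with control-channel payloads, showing that it finds the data port in plaintext PORT and 227 messages but finds nothing once the channel carries TLS records. The function name and all sample payloads are constructed for illustration; the real helper is kernel code and handles more cases.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT (active) and the 227 reply (passive).
_ADDR = rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT_CMD = re.compile(rb"^PORT " + _ADDR + rb"\r\n", re.I)
_PASV_REPLY = re.compile(rb"^227 [^\r\n(]*\(" + _ADDR + rb"\)")


def expected_data_endpoint(payload: bytes):
    """Return (mode, ip, port) if the payload announces a data connection.

    Returns None when nothing parseable is found, which is the case in
    which a stateful filter has no expectation to open a data port for.
    """
    for mode, pattern in (("active", _PORT_CMD), ("passive", _PASV_REPLY)):
        m = pattern.match(payload)
        if m:
            nums = [int(g) for g in m.groups()]
            if any(n > 255 for n in nums):
                return None  # malformed address or port octet
            ip = ".".join(str(n) for n in nums[:4])
            return mode, ip, nums[4] * 256 + nums[5]
    return None


# Constructed sample payloads (documentation addresses, arbitrary ports).
PLAIN_PORT = b"PORT 192,0,2,10,195,80\r\n"
PLAIN_PASV = b"227 Entering Passive Mode (192,0,2,20,195,149)\r\n"
# After AUTH TLS the same commands travel inside TLS records: a 5-byte
# header (type 0x17 = application data, version, length) plus ciphertext.
# The 32 ciphertext bytes here are filler, not real encrypted data.
TLS_RECORD = bytes([0x17, 0x03, 0x01, 0x00, 0x20]) + bytes(range(0x80, 0xA0))

if __name__ == "__main__":
    for name, payload in (("plain PORT", PLAIN_PORT),
                          ("plain 227", PLAIN_PASV),
                          ("TLS record", TLS_RECORD)):
        print(f"{name:11s} -> {expected_data_endpoint(payload)}")
```

With no parsed endpoint there is no expected data connection, so the data port has to be permitted by an explicit rule instead of by the helper.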