Re: open ports with firehol
Does not connection tracking take care of both active and passive FTP?
These both should fall under state RELATED not state NEW.
--- Daniel Pittman <daniel@rimspace.net> wrote:
> On Wed, 28 Apr 2004, Jonas Meurer wrote:
> > On 27/04/2004 Mike Mestnik wrote:
> >> This looks to me like kernel(dmesg) output being logged to the
> >> console(/dev/console). This can be changed in /proc/sys/kernel/printk
> >> though it affects the whole system. Best to change the default LOG
> >> params of firehol, man iptables.
> >
> > yea, I finally fixed it with setting KLOGD to "-c 4" in
> > /etc/init.d/klogd. Now it's only logging to /var/log/messages any
> > longer.
> >
> > But I've a new problem with firehol:
> > I run proftpd with 5 virthosts on ports 211, 212, 213, 214 and 215.
> > is it possible to open ports with firehol rather than using the service
> > synonym?
> > Or how can I correctly set ftp service to these ports? the following
> > doesn't work:
> > server_ftp_ports="tcp/211:215"
> > client_ftp_ports="211:215"
> > [...]
> > server ftp accept
> >
> > it simply doesn't open any ports
>
> FTP is a complex service, and you may have problems if you want to offer
> active FTP. For passive FTP only, the likely problem is that your
> client ports are *not* in the 211 to 215 range, but rather:
>
> server_myftp_ports="tcp/211:215"
> client_myftp_ports="default"
>
> That should do what you want for passive FTP. Again, active is a bit
> harder.
>
> You can also do it this way:
>
> server custom myftp "tcp/211:215" "default" accept ...
>
> Regards,
> Daniel
>
> --
> Time spent in the advertising business seems to create a
> permanent deformity like the Chinese habit of foot-bonding.
> -- Dean Acheson
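Added example, not part of the original thread: a simplified Python model of how an FTP connection-tracking helper turns `PORT` commands and `227` replies into RELATED expectations, and why data connections belonging to control sessions on ports 211-215 are classified NEW when the helper only watches port 21. The class, function names and sample lines are constructed for illustration; the default of port 21 mirrors the kernel FTP helper's default, and the real helper tracks more state than this model.

```python
import re

# Simplified model (assumption): the helper only inspects control connections
# whose server port is in helper_ports, which defaults to 21.
TUPLE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_endpoint(line):
    """Return (ip, port) announced by a PORT command or a 227 PASV reply."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = TUPLE.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None  # malformed octet, ignore rather than guess
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class FtpHelper:
    def __init__(self, helper_ports=(21,)):
        self.helper_ports = set(helper_ports)
        self.expected = set()  # (dst_ip, dst_port) of announced data channels

    def control_line(self, server_port, line):
        """Feed one control-channel line; record an expectation if watched."""
        if server_port not in self.helper_ports:
            return  # helper never sees this control connection
        ep = parse_endpoint(line)
        if ep:
            self.expected.add(ep)

    def classify(self, dst_ip, dst_port):
        """State a firewall would assign to the first packet of a new flow."""
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))  # one-shot expectation
            return "RELATED"
        return "NEW"

# Constructed control-channel lines (addresses from documentation ranges).
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"  # port 50000
PORT_CMD = "PORT 198,51,100,7,156,64"                          # port 40000

def demo(helper_ports, server_port):
    """Classify the passive and active data flows for one control session."""
    h = FtpHelper(helper_ports)
    h.control_line(server_port, PASV_REPLY)
    h.control_line(server_port, PORT_CMD)
    return (h.classify("192.0.2.10", 50000), h.classify("198.51.100.7", 40000))
```

On a real system the equivalent of `helper_ports` is the `ports=` parameter of the FTP conntrack module.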