
Re: AW: How configure firewall with ftp



--- Erik.Hofmann@infineon.com wrote:
> I had this problem too. The control channel is working and the data
> channel of ftp is blocked.
> 
> I always thought that ftp control channel tcp 21 towards the server and
> data channel tcp 20 towards the client in case of active ftp is common
> rfc compliant behaviour of all ftp servers.
> 
That should read tcp 20 from the server.  However, since ftp servers started
using privilege separation this is no longer possible, in Unix anyway, as
ports < 1024 are privileged.

> But some seem to answer on arbitrary ports, as I could see in the log
> files.
> Are those servers sick or is that behaviour normal?
> 
> How is iptables connection tracking for ftp supposed to deal with the
> backwards initiated ftp data connections - active ftp - and in case of
> answering on arbitrary ports?
> 
A good question.

> Did you tcpdump the connection initiation process?
> 
> Erik 
> 
> >Hi all
> >
> >I have configured an iptables firewall (2.4 Kernel). It
> >has allowed any service from inside and only ssh and
> >mail from outside.
> >
> >My problem is, from inside I can not ftp to  outside
> >server.
> >
> >When I type ftp command it prompts username and
> >passwords. but I can not get "ls" output. 
> >
> >It gives
> >
> >550 Permission denied
> >425 use PORT or PASV first
> >
> >
> >I hope for your help
> >
> >
> >Thank You
> >
> >Champaka
> >
> >
> 
> 



		
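On the question quoted above of how connection tracking can follow FTP data connections: as an added example (not from this thread and not netfilter's own code), the Python below decodes `PORT` commands and `227` replies seen on the control channel into the destination address and port a firewall would expect the data connection to use. The addresses, sample lines and function names are constructed for illustration.

```python
import re

# Constructed control-channel capture (documentation addresses, not from the thread).
CLIENT_IP, SERVER_IP = "192.0.2.10", "198.51.100.5"
SAMPLE = [
    ("client", "PORT 192,0,2,10,19,137"),                           # active mode
    ("server", "227 Entering Passive Mode (198,51,100,5,195,80)"),  # passive mode
    ("client", "PORT 203,0,113,9,0,22"),                            # third-party address
    ("client", "PORT 192,0,2,10,999,1"),                            # malformed octet
    ("client", "LIST"),                                             # announces nothing
]

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port), where port = p1*256 + p2."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:          # every field must fit in one byte
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expectation(sender, line):
    """Return (initiator, dst_ip, dst_port) announced by one control line, or None.
    Only the destination is announced, so no source port appears in the result."""
    word = line.split(" ", 1)[0].upper()
    if sender == "client" and word == "PORT":
        owner, initiator = CLIENT_IP, "server"   # active: server connects back
    elif sender == "server" and word == "227":
        owner, initiator = SERVER_IP, "client"   # passive: client connects out
    else:
        return None
    hp = parse_hostport(line)
    # Ignore announcements that name an address other than the sender's own.
    if hp is None or hp[0] != owner:
        return None
    return (initiator, hp[0], hp[1])

def expectations(capture):
    """Collect every data-connection expectation found in a capture."""
    return [e for e in (expectation(s, l) for s, l in capture) if e]

if __name__ == "__main__":
    for e in expectations(SAMPLE):
        print("expect data connection: initiator=%s dst=%s:%d" % e)
```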


