Re: open ports with firehol
On Wed, 28 Apr 2004, Jonas Meurer wrote:
> On 27/04/2004 Mike Mestnik wrote:
>> This looks to me like kernel(dmesg) output being logged to the
>> console(/dev/console). This can be changed in /proc/sys/kernel/printk
>> though it affects the whole system. Best to change the default LOG
>> params of firehol, man iptables.
>
> Yeah, I finally fixed it by setting KLOGD to "-c 4" in
> /etc/init.d/klogd. Now it's only logging to /var/log/messages.
>
> But I've a new problem with firehol:
> I run proftpd with 5 virthosts on ports 211, 212, 213, 214 and 215.
> Is it possible to open ports with firehol rather than using the service
> synonym?
> Or how can I correctly set ftp service to these ports? The following
> doesn't work:
> server_ftp_ports="tcp/211:215"
> client_ftp_ports="211:215"
> [...]
> server ftp accept
>
> it simply doesn't open any ports

FTP is a complex service, and you may have problems if you want to offer
active FTP. For passive FTP only, the likely problem is that your
client ports are *not* in the 211 to 215 range, but rather:

    server_myftp_ports="tcp/211:215"
    client_myftp_ports="default"

That should do what you want for passive FTP. Again, active is a bit
harder.

You can also do it this way:

    server custom myftp "tcp/211:215" "default" accept ...

Regards,
Daniel
--
Time spent in the advertising business seems to create a
permanent deformity like the Chinese habit of foot-binding.
-- Dean Acheson