
Re: open ports with firehol



Does not connection tracking take care of both active and passive FTP?
These both should fall under state RELATED not state NEW.

--- Daniel Pittman <daniel@rimspace.net> wrote:
> On Wed, 28 Apr 2004, Jonas Meurer wrote:
> > On 27/04/2004 Mike Mestnik wrote:
> >> This looks to me like kernel(dmesg) output being logged to the
> >> console(/dev/console). This can be changed in /proc/sys/kernel/printk
> >> though it affects the whole system. Best to change the default LOG
> >> params of firehol, man iptables.
> > 
> > yea, i finally fixed it with setting KLOGD to "-c 4" in
> > /etc/init.d/klogd. Now it's only logging to /var/log/messages any
> > longer.
> > 
> > But i've a new problem with firehol:
> > I run proftpd with 5 virthosts on ports 211, 212, 213, 214 and 215.
> > is it possible to open ports with firehol rather than using the service
> > synonym?
> > Or how can I correctly set ftp service to these ports? the following
> > doesn't work:
> > server_ftp_ports="tcp/211:215"
> > client_ftp_ports="211:215"
> > [...]
> > server ftp accept
> > 
> > it simply doesn't open any ports
> 
> FTP is a complex service, and you may have problems if you want to offer
> active FTP.  For passive FTP only, the likely problem is that your
> client ports are *not* in the 211 to 215 range, but rather:
> 
> server_myftp_ports="tcp/211:215"
> client_myftp_ports="default"
> 
> That should do what you want for passive FTP.  Again, active is a bit
> harder.
> 
> You can also do it this way:
> 
> server custom myftp "tcp/211:215" "default" accept ...
> 
> Regards,
>         Daniel
> 
> -- 
> Time spent in the advertising business seems to create a
> permanent deformity like the Chinese habit of foot-bonding.
>         -- Dean Acheson
> 
> 
> 
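
An added example, not part of the thread or of FireHOL: state RELATED only matches FTP data connections when the kernel's FTP conntrack helper is watching the control port, and the helper watches port 21 unless its `ports` module parameter lists others. The sketch below reports which of the thread's control ports (211:215) the helper does not cover; the function names are hypothetical, and the sysfs path assumes the current module name `nf_conntrack_ftp` (`ip_conntrack_ftp` on kernels of the thread's era).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# expand_ports "21,211:215" -> "21 211 212 213 214 215"
# Accepts comma-separated ports and a:b ranges (the notation used in the thread).
expand_ports() {
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        case $item in
            *:*) seq "${item%%:*}" "${item##*:}" ;;
            *)   printf '%s\n' "$item" ;;
        esac
    done | tr '\n' ' ' | sed 's/ $//'
}

# unwatched_ports HELPER_PORTS SERVICE_PORTS
# Prints the service control ports the FTP helper is not watching. Data
# connections negotiated on those ports are never classified as RELATED.
unwatched_ports() {
    watched=" $(expand_ports "$1") "
    missing=""
    for p in $(expand_ports "$2"); do
        case $watched in
            *" $p "*) ;;                      # helper watches this port
            *) missing="$missing $p" ;;       # no helper coverage
        esac
    done
    printf '%s\n' "${missing# }"
}

# Assumed sysfs location of the helper's port list (readable by root only).
param=/sys/module/nf_conntrack_ftp/parameters/ports
if [ -r "$param" ]; then
    helper=$(cat "$param")
else
    helper=21    # constructed sample: the helper's default port
fi
echo "control ports without FTP helper coverage: $(unwatched_ports "$helper" 211:215)"
```

An empty result means every control port is watched; otherwise the listed ports need to be added to the helper's `ports` parameter when the module is loaded.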
