problems with firehol and non-default ftp ports
hello,
I have proftpd 1.2.9 (-15 from debian/testing) installed, and it runs one
main server next to five virtual hosts. All 6 FTP servers run on the same
IP, on different ports: 21, 210, 215, 220, 225, 230
firehol is configured as follows:
server_myftp_ports="tcp/210 tcp/215 tcp/215 tcp/220 tcp/225 tcp/230"
client_myftp_ports="default"
interface eth0+ interface1
server ICMP accept
server ftp accept
server ssh accept
server myftp accept
modprobe ip_conntrack_ftp ports=21,210,215,220,225,230
iptables -A INPUT -i eth0 -p tcp --dport 210 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 210 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 215 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 215 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 220 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 220 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 225 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 225 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 230 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 230 -j ACCEPT
For some weeks now, the FTP server no longer responds to requests on any ports
except 21 and 215, and I have no clue what the problem could
be.
The confusing thing about this is that the config already worked like a
charm, but now it breaks: FTP connections to 210, 220, 225 or
230 are allowed, but stop at opening the data connection, according to lftp.
I know that FTP needs at least the port under the default one, but I
thought that giving the ports to the ip_conntrack_ftp module would solve
this. Do I have to open anything else?
For some stupid reason, firehol doesn't allow configuring
server PORTNUMBER accept
directly, and ftp seems to open port 21 only.
bye
jonas
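The symptom above (control connection accepted, data connection stalls) is what you get when a control port is not covered by the ip_conntrack_ftp helper or when RELATED connections are not accepted, so the data connection is never tracked. The following is an added audit script, not part of the original mail or of firehol; it checks a firehol ports variable, the modprobe line and an iptables-save excerpt (all three constructed here from the post) for exactly those gaps. The function names are my own.

```python
import re

# Constructed inputs modelled on the mail: the firehol ports variable (with its
# duplicated tcp/215), the helper modprobe line, and a short iptables-save excerpt.
FIREHOL_PORTS = "tcp/210 tcp/215 tcp/215 tcp/220 tcp/225 tcp/230"
MODPROBE_LINE = "modprobe ip_conntrack_ftp ports=21,210,215,220,225,230"
IPTABLES_SAVE = """\
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 210 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 215 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

def firehol_tcp_ports(spec):
    """TCP ports named in a firehol *_ports variable, in order, duplicates kept."""
    return [int(p) for p in re.findall(r"tcp/(\d+)", spec)]

def helper_ports(modprobe_line):
    """Ports ip_conntrack_ftp was told to inspect; the module defaults to 21 alone."""
    m = re.search(r"ports=([\d,]+)", modprobe_line)
    return {int(p) for p in m.group(1).split(",")} if m else {21}

def audit(control_ports, tracked, ipt_save):
    """Return a list of findings; an empty list means the three pieces agree."""
    findings, seen = [], set()
    for p in control_ports:
        if p in seen:
            findings.append(f"duplicate control port {p} in firehol ports list")
        seen.add(p)
        # Without the helper watching this port, PORT/PASV are never parsed and
        # the data connection is not RELATED, so a stateful firewall drops it.
        if p not in tracked:
            findings.append(f"port {p} not passed to ip_conntrack_ftp: data connections will not be RELATED")
        if not re.search(rf"-A INPUT .*--dport {p}\b.*-j ACCEPT", ipt_save):
            findings.append(f"no INPUT ACCEPT rule for control port {p}")
    # Helper-expected data connections arrive as RELATED; they need an accept rule.
    if not re.search(r"-A INPUT .*--state [\w,]*RELATED.*-j ACCEPT", ipt_save):
        findings.append("no INPUT rule accepting RELATED connections: helper-expected data connections will be dropped")
    return findings

if __name__ == "__main__":
    for line in audit(firehol_tcp_ports(FIREHOL_PORTS), helper_ports(MODPROBE_LINE), IPTABLES_SAVE):
        print(line)
```

Run against the real configuration, replace the constructed strings with the output of iptables-save and the actual modprobe line; the point is that opening more ports is not the fix, keeping the helper's port list and the RELATED rule in step with the control ports is.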