
Re: ProFTPd behind firewall



Thank you very much :o)
Only one more question: Is it possible to use this approach while the firewall is on the same machine as the FTP server? I own only one computer :o)

Gavin Hamill <gdh@acentral.co.uk> wrote:

> On Thu, Aug 21, 2003 at 08:39:05PM +0200, Ahton?n Kar?sek wrote:
> > PassivePorts                    2000 2200
> > 
> > But ProFTP seems not to read this :) It's not possible to build a firewall without this feature :(
> > Does anybody know where the problem can be?
> 
> Is the firewall in question a Linux iptables one, or something 
> proprietary? 
> 
> If it's iptables, then you shouldn't need to do any of this, since 
> you can make use of statefulness in netfilter..
> 
> Load the ip_conntrack_ftp module if needed, and allow port 21
> TCP to that machine, and ensure that packets in the FORWARD chain
> (assumes the firewall is a separate machine, as it should be) are
> accepting ESTABLISHED and RELATED connections :) 
> 
> Something like
> 
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> (the syntax might be a little different, I can't check docs/google from
> here..)
> 
> Then you won't need to open any ranges at all, and can live safe in the 
> knowledge iptables is keeping you secure :)
> 
> Cheers,
> Gavin.
> 
> 

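Why the quoted advice needs no open port range, as a simplified Python model added here (not code from this thread or from netfilter): the FTP helper reads the server's 227 reply on the control connection and expects exactly that data connection, which the filter then sees as RELATED. The class, function names and addresses are assumptions made for illustration.

```python
import re

# Simplified model of an FTP conntrack helper (illustration only; the real
# helper is kernel code and also handles PORT, EPRT and EPSV).
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class Tracker:
    """Holds data-connection expectations learned from the control channel."""
    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.expected = set()  # (client_ip, server_ip, data_port)

    def control_reply(self, client_ip, reply):
        """Inspect a server reply seen on port 21; record any expectation."""
        parsed = parse_pasv(reply)
        # Model assumption: only an announced address equal to the server's
        # own is honoured, so a reply cannot open a path to another host.
        if parsed and parsed[0] == self.server_ip:
            self.expected.add((client_ip, self.server_ip, parsed[1]))

    def classify(self, client_ip, dst_ip, dst_port):
        """State assigned to a new TCP connection attempt."""
        key = (client_ip, dst_ip, dst_port)
        if key in self.expected:
            self.expected.discard(key)  # one expectation admits one connection
            return "RELATED"
        return "NEW"

def accepts(state, dst_port):
    """Policy from the thread: port 21 plus ESTABLISHED,RELATED."""
    return dst_port == 21 or state in ("ESTABLISHED", "RELATED")

def demo():
    # Constructed exchange using documentation addresses.
    t = Tracker("192.0.2.10")
    t.control_reply("198.51.100.7", "227 Entering Passive Mode (192,0,2,10,7,228)")
    return (t.classify("198.51.100.7", "192.0.2.10", 2020),  # announced client
            t.classify("203.0.113.9", "192.0.2.10", 2020))   # unrelated host
```
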