From: Raymond Leach <raymondl@knowledgefactory.co.za>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: rsterenborg@xs4all.nl, 'Paulo Andre' <pandre@darkstar.nom.za>,
'louie miranda' <lmiranda@chikka.com>,
'netfilter' <netfilter@lists.netfilter.org>
Subject: RE: portfw on iptables 2.4 kernel problem.
Date: 10 Dec 2002 14:12:18 +0200 [thread overview]
Message-ID: <1039522338.1713.118.camel@rayw.knowledgefactory.co.za> (raw)
In-Reply-To: <Pine.LNX.4.33.0212101245300.9625-100000@blackhole.kfki.hu>
[-- Attachment #1: Type: text/plain, Size: 1809 bytes --]
Thank you for clearing that up. I must have not installed/invoked the
ftp connection tracking modules for iptables then...
Ray
On Tue, 2002-12-10 at 13:52, Jozsef Kadlecsik wrote:
> On 10 Dec 2002, Raymond Leach wrote:
>
> > OK, then how does connection tracking work for passive ftp?
>
> The FTP connection tracking and NAT helper modules support active (PORT,
> EPRT) and passive (PASV, EPSV responses) ftp as well. In both cases the
> command channel is monitored and the commands/responses are parsed. As the
> appropriate patterns detected, the system digs out the announced
> port (address) and prepares to accept the data channel.
>
> At iptables level there is no difference whatsoever between active/passive
> modes in letting in/NATing them.
>
> Regards,
> Jozsef
> -
> E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
> H-1525 Budapest 114, POB. 49, Hungary
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
( Raymond Leach )
) Knowledge Factory (
( )
) Tel: +27 11 445 8100 (
( Fax: +27 11 445 8101 )
) (
( http://www.knowledgefactory.co.za/ )
) http://www.saptg.co.za/ (
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o o
o o
.--. .--.
| o_o| |o_o |
| \_:| |:_/ |
/ / \\ // \ \
( | |) (| | )
/`\_ _/'\ /'\_ _/`\
\___)=(___/ \___)=(___/
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2002-12-10 12:12 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <FD8F124A387AD6119F7900A0D218B321561982@hslex01.hslbz.local>
2002-12-10 9:43 ` portfw on iptables 2.4 kernel problem Rob Sterenborg
2002-12-10 11:00 ` Raymond Leach
2002-12-10 11:22 ` Jozsef Kadlecsik
2002-12-10 11:32 ` Raymond Leach
2002-12-10 11:52 ` Jozsef Kadlecsik
2002-12-10 12:12 ` Raymond Leach [this message]
2002-12-11 6:08 ` louie miranda
2002-12-11 6:20 ` Raymond Leach
[not found] <96C102324EF9D411A49500306E06C8D1021AE462@eketsv02.cubis.de >
2002-12-12 8:51 ` Rasmus Reinholdt Nielsen
2002-12-12 14:25 ` Joel Newkirk
2002-12-12 8:09 Reckhard, Tobias
-- strict thread matches above, loose matches on Subject: below --
2002-12-12 7:33 Reckhard, Tobias
2002-12-12 7:31 Reckhard, Tobias
2002-12-11 9:00 Reckhard, Tobias
2002-12-11 14:25 ` Joel Newkirk
2002-12-11 7:32 Reckhard, Tobias
2002-12-11 8:05 ` Joel Newkirk
2002-12-10 8:56 louie miranda
2002-12-10 9:01 ` Raymond Leach
2002-12-10 9:11 ` louie miranda
2002-12-10 9:01 ` Paulo Andre
2002-12-10 9:12 ` louie miranda
2002-12-11 11:26 ` Andrea Rossato
2002-12-12 3:11 ` louie miranda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1039522338.1713.118.camel@rayw.knowledgefactory.co.za \
--to=raymondl@knowledgefactory.co.za \
--cc=kadlec@blackhole.kfki.hu \
--cc=lmiranda@chikka.com \
--cc=netfilter@lists.netfilter.org \
--cc=pandre@darkstar.nom.za \
--cc=rsterenborg@xs4all.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.