From: Jim Laurino <nfcan.x.jimlaur@dfgh.net>
To: netfilter@lists.netfilter.org
Subject: Re: Firewall and a FTP server (nfcan: addressed to exclusive sender for this address)
Date: Mon, 19 Dec 2005 10:15:48 -0500
Message-ID: <20051219151548.GA31194@salty>
In-Reply-To: <b552223b0512190352v25209da9p7d3d685b58ea9e6d@mail.gmail.com> (from +nfcan+jimlaur+4ee21c4004.tac.forums#gmail.com@spamgourmet.com on Mon, Dec 19, 2005 at 06:52:12 -0500)

On 2005.12.19 06:52, TAC Forums - tac.forums@gmail.com wrote:
> Hi All,
> 
> We have an FTP server (Red Hat Linux 7) behind a firewall; the
> firewall allows only incoming and established connections on ports
> 20, 21 from anywhere and everywhere.
> 
> The problem is, when the customers use FTP clients, they manage to
> log in, but cannot upload/download files if they use PASSIVE FTP
> connections.
> 
> Can someone suggest the best way to get out of this situation,
> should we enable all ports above 1023?

Besides loading the modules, as already discussed,
you need to change the filter rules to allow
not only ESTABLISHED but also RELATED connections.
This eliminates the need to open all the high ports.
The new rule would look something like this:

$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

-- 
Jim Laurino
nfcan.x.jimlaur@dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
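
Added example, not part of the original message and not netfilter code: a toy Python model of why passive FTP needs both the FTP helper and RELATED in the state match. The addresses, the `Tracker` class and the "NEW only to port 21" policy are assumptions made for illustration.

```python
import re

# Toy model of stateful filtering with an FTP helper; not netfilter source code.
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if it is malformed."""
    m = PASV_RE.match(line)
    if not m:
        return None
    n = [int(x) for x in m.group(1).split(",")]
    if max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class Tracker:
    def __init__(self, helper_loaded):
        self.helper_loaded = helper_loaded
        self.established = set()  # accepted flows: (client, server, dport)
        self.expected = set()     # data flows announced on the control channel

    def control_reply(self, client, server, line):
        """Inspect a server reply seen on the port 21 control connection."""
        pasv = parse_pasv(line) if self.helper_loaded else None
        # Model choice: ignore a PASV address that is not the server itself.
        if pasv and pasv[0] == server:
            self.expected.add((client, server, pasv[1]))

    def classify(self, flow):
        if flow in self.established:
            return "ESTABLISHED"
        if flow in self.expected:
            self.expected.discard(flow)  # an expectation is used once
            return "RELATED"
        return "NEW"

def verdict(trk, client, server, dport, states=("ESTABLISHED", "RELATED")):
    """Policy: NEW only to port 21, plus whatever conntrack states are listed."""
    flow = (client, server, dport)
    state = trk.classify(flow)
    ok = state in states or (state == "NEW" and dport == 21)
    if ok:
        trk.established.add(flow)
    return state, "ACCEPT" if ok else "DROP"

def demo(helper_loaded, states):
    c, s = "198.51.100.7", "192.0.2.10"  # constructed documentation addresses
    trk = Tracker(helper_loaded)
    verdict(trk, c, s, 21, states)  # control connection logs in
    trk.control_reply(c, s, "227 Entering Passive Mode (192,0,2,10,195,80)")
    return verdict(trk, c, s, 50000, states)  # passive data connection
```

In this model the data connection is accepted only when the helper has seen the 227 reply and the rule lists RELATED; with ESTABLISHED alone, or without the helper, it is dropped even though no high ports were opened.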

