From: 'Jonas Meurer' <jonas@freesources.org>
To: Rob Sterenborg <rob@sterenborg.info>
Cc: Netfilter-Users <netfilter@lists.netfilter.org>
Subject: Re: how to set ports for ip_conntrack_ftp
Date: Thu, 31 Aug 2006 17:57:49 +0200
Message-ID: <20060831155749.GC32342@freesources.org>
In-Reply-To: <000601c6cd14$e07a28a0$0101000a@tanjian>

On 31/08/2006 Rob Sterenborg wrote:
> > where can i set the ports for ip_conntrack_ftp?
> > 
> > if i load it as module, i can use
> > 'modprobe ip_conntrack_ftp ports=21,31,41'
> > 
> > but if the module is compiled into the kernel, i have no idea how to
> > set the ports. i didn't find anything in either /proc or
> > kernel-source/Documentation. 
> 
> AFAIK you can't: you can only do that when it's compiled as a module.

in other words, this module is unusable for ftpservers on non-standard
ports, if it's compiled into the kernel?

what reason does this have?

i run several zope instances on a server, all of them providing a
ftpserver.

i use firehol as firewall software.

how can i open the ports for those ftp-servers without using
ip_conntrack_ftp?

what i'm currently doing is:

iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED,RELATED \
	-m multiport -p tcp --dports 9621,9721 \
	-d **.**.***.**/31 -j ACCEPT

iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED \
	-m multiport -p tcp --sports 9621,9721 \
	-d **.**.***.**/31 -j ACCEPT

iptables -A OUTPUT -o eth0 -m state --state NEW \
	-m multiport -p tcp --sports 9620,9720 \
	-d **.**.***.**/31 -j ACCEPT

but obviously this doesn't work. i still cannot connect to the
ftpservers on port 9621 and 9721. what am i missing?

...
 jonas

