* ftp connection tracking on multiple ports
@ 2004-10-28 10:18 Mohamed Eldesoky
  2004-10-28 10:21 ` George Alexandru Dragoi
  2004-10-28 12:41 ` Jason Opperisano
  0 siblings, 2 replies; 8+ messages in thread
From: Mohamed Eldesoky @ 2004-10-28 10:18 UTC (permalink / raw)
  To: netfilter

Dear all,

I have a server that runs FTP on two ports, port 21 and port 45 (for
strange reasons)
Now, I want conntrack to track the connections of both ports and their
data ports !!

I did that in my firewall script
/sbin/modprobe ip_conntrack_ftp ports=21,45
$IPTABLES -A linweb_chain -p tcp -m multiport --destination-port 80,21,45 -j ACCEPT

Is that all I need ??

-- 
Mohamed Eldesoky
www.eldesoky.net
RHCE



* Re: ftp connection tracking on multiple ports
  2004-10-28 10:18 ftp connection tracking on multiple ports Mohamed Eldesoky
@ 2004-10-28 10:21 ` George Alexandru Dragoi
  2004-10-28 10:40   ` Mohamed Eldesoky
  2004-10-28 12:41 ` Jason Opperisano
  1 sibling, 1 reply; 8+ messages in thread
From: George Alexandru Dragoi @ 2004-10-28 10:21 UTC (permalink / raw)
  To: netfilter

Make sure you accept the packets in the RELATED and ESTABLISHED state.


On Thu, 28 Oct 2004 12:18:24 +0200, Mohamed Eldesoky
<eldesoky.lists@gmail.com> wrote:
> Dear all,
> 
> I have a server that runs FTP on two ports, port 21 and port 45 (for
> strange reasons)
> Now, I want conntrack to track the connections of both ports and their
> data ports !!
> 
> I did that in my firewall script
> /sbin/modprobe ip_conntrack_ftp ports=21,45
> $IPTABLES -A linweb_chain -p tcp -m multiport --destination-port 80,21,45 -j ACCEPT
> 
> Is that all I need ??
> 
> --
> Mohamed Eldesoky
> www.eldesoky.net
> RHCE
> 
> 


-- 
Bla bla



* Re: ftp connection tracking on multiple ports
  2004-10-28 10:21 ` George Alexandru Dragoi
@ 2004-10-28 10:40   ` Mohamed Eldesoky
  0 siblings, 0 replies; 8+ messages in thread
From: Mohamed Eldesoky @ 2004-10-28 10:40 UTC (permalink / raw)
  To: George Alexandru Dragoi, netfilter

I do
But it doesn't work when doing ftp host 45 then do ls
it hangs there !!


On Thu, 28 Oct 2004 13:21:45 +0300, George Alexandru Dragoi
<waruiinu@gmail.com> wrote:
> Make sure you accept the packets in the RELATED and ESTABLISHED state.
> 
> On Thu, 28 Oct 2004 12:18:24 +0200, Mohamed Eldesoky
> <eldesoky.lists@gmail.com> wrote:
> > Dear all,
> >
> > I have a server that runs FTP on two ports, port 21 and port 45 (for
> > strange reasons)
> > Now, I want conntrack to track the connections of both ports and their
> > data ports !!
> >
> > I did that in my firewall script
> > /sbin/modprobe ip_conntrack_ftp ports=21,45
> > $IPTABLES -A linweb_chain -p tcp -m multiport --destination-port 80,21,45 -j ACCEPT
> >
> > Is that all I need ??
> >
> > --
> > Mohamed Eldesoky
> > www.eldesoky.net
> > RHCE
> >
> >
> 
> 
> --
> Bla bla
> 
> 


-- 
Mohamed Eldesoky
www.eldesoky.net
RHCE



* RE: ftp connection tracking on multiple ports
@ 2004-10-28 10:40 Sneppe Filip
  2004-10-28 11:10 ` Mohamed Eldesoky
  0 siblings, 1 reply; 8+ messages in thread
From: Sneppe Filip @ 2004-10-28 10:40 UTC (permalink / raw)
  To: Mohamed Eldesoky, George Alexandru Dragoi, netfilter

Mohamed Eldesoky wrote:
 
>I do
>But it doesn't work when doing ftp host 45 then do ls
>it hangs there !!

Hi,

Don't forget you also need to add the ports for the nat helper:

modprobe ip_nat_ftp ports=21,45

(If ip_nat_ftp is already loaded, you need to rmmod the module first 
and then load it again - same thing with ip_conntrack_ftp if you change 
a kernel module parameter)

Regards,
Filip


* Re: ftp connection tracking on multiple ports
  2004-10-28 10:40 Sneppe Filip
@ 2004-10-28 11:10 ` Mohamed Eldesoky
  2004-10-30 21:00   ` Jose Maria Lopez
  0 siblings, 1 reply; 8+ messages in thread
From: Mohamed Eldesoky @ 2004-10-28 11:10 UTC (permalink / raw)
  To: Sneppe Filip, netfilter

I don't use natting, do I still need that helper ???


On Thu, 28 Oct 2004 12:40:37 +0200, Sneppe Filip <filip.sneppe@uptime.be> wrote:
> Mohamed Eldesoky wrote:
> 
> >I do
> >But it doesn't work when doing ftp host 45 then do ls
> >it hangs there !!
> 
> Hi,
> 
> Don't forget you also need to add the ports for the nat helper:
> 
> modprobe ip_nat_ftp ports=21,45
> 
> (If ip_nat_ftp is already loaded, you need to rmmod the module first
> and then load it again - same thing with ip_conntrack_ftp if you change
> a kernel module parameter)
> 
> Regards,
> Filip
> 
> 


-- 
Mohamed Eldesoky
www.eldesoky.net
RHCE



* Re: ftp connection tracking on multiple ports
  2004-10-28 10:18 ftp connection tracking on multiple ports Mohamed Eldesoky
  2004-10-28 10:21 ` George Alexandru Dragoi
@ 2004-10-28 12:41 ` Jason Opperisano
  2004-10-31  7:34   ` Mohamed Eldesoky
  1 sibling, 1 reply; 8+ messages in thread
From: Jason Opperisano @ 2004-10-28 12:41 UTC (permalink / raw)
  To: netfilter

On Thu, 2004-10-28 at 06:18, Mohamed Eldesoky wrote:
> Dear all,
> 
> I have a server that runs FTP on two ports, port 21 and port 45 (for
> strange reasons)
> Now, I want conntrack to track the connections of both ports and their
> data ports !!
> 
> I did that in my firewall script
> /sbin/modprobe ip_conntrack_ftp ports=21,45
> $IPTABLES -A linweb_chain -p tcp -m multiport --destination-port 80,21,45 -j ACCEPT
> 
> Is that all I need ??

iptables -A linweb_chain -m helper --helper ftp -j ACCEPT

-j

-- 
Jason Opperisano <opie@817west.com>




* Re: ftp connection tracking on multiple ports
  2004-10-28 11:10 ` Mohamed Eldesoky
@ 2004-10-30 21:00   ` Jose Maria Lopez
  0 siblings, 0 replies; 8+ messages in thread
From: Jose Maria Lopez @ 2004-10-30 21:00 UTC (permalink / raw)
  To: netfilter

On Thu, 28 Oct 2004 at 13:10, Mohamed Eldesoky wrote:
> I don't use natting, do I still need that helper ???

You just need the ip_conntrack_ftp.o helper.

-- 
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"




* Re: ftp connection tracking on multiple ports
  2004-10-28 12:41 ` Jason Opperisano
@ 2004-10-31  7:34   ` Mohamed Eldesoky
  0 siblings, 0 replies; 8+ messages in thread
From: Mohamed Eldesoky @ 2004-10-31  7:34 UTC (permalink / raw)
  To: netfilter

Well, I did that before posting to the list.
Now I doubt it is a networking problem !!! there are reasons to doubt.


On Thu, 28 Oct 2004 08:41:29 -0400, Jason Opperisano <opie@817west.com> wrote:
> On Thu, 2004-10-28 at 06:18, Mohamed Eldesoky wrote:
> 
> 
> > Dear all,
> >
> > I have a server that runs FTP on two ports, port 21 and port 45 (for
> > strange reasons)
> > Now, I want conntrack to track the connections of both ports and their
> > data ports !!
> >
> > I did that in my firewall script
> > /sbin/modprobe ip_conntrack_ftp ports=21,45
> > $IPTABLES -A linweb_chain -p tcp -m multiport --destination-port 80,21,45 -j ACCEPT
> >
> > Is that all I need ??
> 
> iptables -A linweb_chain -m helper --helper ftp -j ACCEPT
> 
> -j
> 
> --
> Jason Opperisano <opie@817west.com>
> 
> 


-- 
Mohamed Eldesoky
www.eldesoky.net
RHCE
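
A simplified model of why the helper's ports= list matters, added here as an example in Python (it is not kernel code and not from any poster in this thread): the helper parses only control connections on the listed ports, so the data connection announced on port 45 is RELATED only when 45 is in the list. The Tracker class, the simulate function and the 192.0.2.10 address are constructed for illustration, and the model ignores connection direction and NAT.

```python
import re

# Simplified model of what the FTP conntrack helper does; not kernel code.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)


def data_endpoint(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    m = PASV_RE.match(line) or PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed: every field is a single octet
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class Tracker:
    def __init__(self, helper_ports):
        self.helper_ports = set(helper_ports)  # models the module's ports= list
        self.expected = set()                  # pending data-channel expectations

    def control_line(self, server_port, line):
        """Feed one control-channel line seen on a connection to server_port."""
        if server_port not in self.helper_ports:
            return  # helper not attached: the payload is never inspected
        ep = data_endpoint(line)
        if ep:
            self.expected.add(ep)

    def state_of_new_syn(self, dst_ip, dst_port):
        """Conntrack state a fresh SYN to (dst_ip, dst_port) would get."""
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))  # expectations are one-shot
            return "RELATED"
        return "NEW"


def simulate(helper_ports, control_port):
    """Announce a passive data port on control_port, then classify the data SYN."""
    # Constructed sample reply: 195*256 + 80 = 50000
    reply = "227 Entering Passive Mode (192,0,2,10,195,80)"
    t = Tracker(helper_ports)
    t.control_line(control_port, reply)
    return t.state_of_new_syn("192.0.2.10", 50000)
```

With a ruleset that accepts only RELATED,ESTABLISHED plus the listed control ports, a data connection classified as NEW matches no accept rule, which is consistent with `ls` hanging on port 45 when the helper was loaded without that port.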


