* RE: ip_conntrack_ftp doesn't work with ftp proxy
@ 2002-11-14 8:34 Kim Leandersson
2002-11-19 14:16 ` Related but general question. (WAS:Re: ip_conntrack_ftp doesn't work with ftp proxy) Alasdair Ramsay
0 siblings, 1 reply; 2+ messages in thread
From: Kim Leandersson @ 2002-11-14 8:34 UTC (permalink / raw)
To: Thomas Boernert, netfilter
Try loading the ip_conntrack_ftp module with the option ports instead.
ip_conntrack_ftp ports=8082 should do the trick for you!
//kim
> -----Original Message-----
> From: Thomas Boernert [mailto:tb@tbits.net]
> Sent: Wednesday, November 13, 2002 10:55 PM
> To: netfilter@lists.netfilter.org
> Subject: ip_conntrack_ftp doesn't work with ftp proxy
>
>
> Hello,
>
> i hope anyone can help me.
>
> network-chart
>
> linuxbox ----- firewall ---- internet
>
> on the firewall runs a ftp proxy (suse proxy-suite on port
> 8082) i've the following rules
>
> iptables -A INPUT -p tcp -s $local_net --sport 1024:65535 -d
> $firewall_internal_ip --dport 8082 -m state --state
> NEW,ESTABLISHED -j ACCEPT
>
> ipatbles -A OUTPUT -p tcp -s $firewall_internal_ip --sport
> 8082 -d $local_net --dport 1024:65535 -m state --state
> ESTABLISHED -j ACCEPT
>
> iptables -A INPUT -p tcp -s $local_net --sport 1024:65535 -d
> $firewall_internal_ip --dport 1024:65535 -m state ESTABLISHED,RELATED
>
> .....
>
> from the client i do the following
>
> ftp ip_firewall 8082
> login to a ftp server like redhat or so
> do "ls"
> then the kernel rejects the third rule written upper.
>
> if i change the rule from RELATED to NEW, the it's working,
> but this is not a solution.
>
> Thanks for help!
>
> - Thomas
>
>
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
* Related but general question. (WAS:Re: ip_conntrack_ftp doesn't work with ftp proxy)
2002-11-14 8:34 ip_conntrack_ftp doesn't work with ftp proxy Kim Leandersson
@ 2002-11-19 14:16 ` Alasdair Ramsay
0 siblings, 0 replies; 2+ messages in thread
From: Alasdair Ramsay @ 2002-11-19 14:16 UTC (permalink / raw)
To: Kim Leandersson, netfilter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If you can pass additional information to the modules as you load them,
can you pass the same information to a module that is statically built
into the kernel? How is such information passed?
Regards
Alasdair Ramsay
Kim Leandersson wrote:
| Try loading the ip_conntrack_ftp module with the option ports instead.
|
| ip_conntrack_ftp ports=8082 should do the trick for you!
|
| //kim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE92kfO4+7BX0uR648RAqWWAJ9DFe+ts78YiTIZQiHaAu7ANlNdSQCfR5Mx
cWTAQ8VRAoz2gkZ4mq3WbLA=
=RGSK
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2002-11-19 14:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-11-14 8:34 ip_conntrack_ftp doesn't work with ftp proxy Kim Leandersson
2002-11-19 14:16 ` Related but general question. (WAS:Re: ip_conntrack_ftp doesn't work with ftp proxy) Alasdair Ramsay
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.