From: Grant Taylor <gtaylor@riverviewtech.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP)
Date: Fri, 05 Oct 2007 14:18:23 +0000 [thread overview]
Message-ID: <470647AF.2090608@riverviewtech.net> (raw)
In-Reply-To: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com>
On 10/05/07 02:16, Indunil Jayasooriya wrote:
> What is FTP helper module?
As I understand it, the Connection Tracking FTP helper module is
essentially a small module / algorithm that you load in to the
Connecting Tracking structure (via the below modules) to watch what ftp
commands you send out and / or receive so that it can dynamically on the
fly update the connection tracking table to allow the other negotiated
ports that FTP uses through statefull packet inspection. In other words
you should not need to write explicit rules for control and data
connections be it active or passive.
> is it ip_nat_ftp ?
Yes.
> ANYWAY, I have loaded below 2 modules.
>
> /sbin/modprobe -a ip_conntrack_ftp ip_nat_ftp
>
> YOUR COMMENTS.
That should work.
I'll have to double check some things to make sure that you don't need
to do any thing special other than just allow the initial connection and
rely on the FTP connection tracking helper to handle all other connections.
I've never run an FTP server behind a NAT, but I've never had a problem
with the FTP client behind the NAT with the above modules loaded.
Though it is my understanding that the module will take care of both.
Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
prev parent reply other threads:[~2007-10-05 14:18 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-05 5:52 [LARTC] DNAT rule for vsftp (PASSIVE FTP) Indunil Jayasooriya
2007-10-05 6:55 ` Grant Taylor
2007-10-05 7:28 ` Indunil Jayasooriya
2007-10-05 14:18 ` Grant Taylor [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=470647AF.2090608@riverviewtech.net \
--to=gtaylor@riverviewtech.net \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.