* ftp_conntrack and encrypted FTP
@ 2007-11-09 11:14 Leonardo Rodrigues Magalhães
2007-11-09 12:04 ` Laszlo Attila Toth
2007-11-09 13:09 ` Martijn Lievaart
0 siblings, 2 replies; 4+ messages in thread
From: Leonardo Rodrigues Magalhães @ 2007-11-09 11:14 UTC (permalink / raw)
To: netfilter ML
[-- Attachment #1: Type: text/plain, Size: 585 bytes --]
Hello Guys,
I'm having some troubles with encrypted FTP connections. As i could
imagine, conntrack_ftp and nat_ftp are not being able of recognizing the
correct ports to open because the connection is encrypted and the PASV
information is not seen by the modules.
I dont think so ..... but is there any way of working around this ??
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 5589 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: ftp_conntrack and encrypted FTP
2007-11-09 11:14 ftp_conntrack and encrypted FTP Leonardo Rodrigues Magalhães
@ 2007-11-09 12:04 ` Laszlo Attila Toth
2007-11-09 13:09 ` Martijn Lievaart
1 sibling, 0 replies; 4+ messages in thread
From: Laszlo Attila Toth @ 2007-11-09 12:04 UTC (permalink / raw)
To: Leonardo Rodrigues Magalhães; +Cc: netfilter ML
Leonardo Rodrigues Magalhães wrote:
>
> Hello Guys,
>
> I'm having some troubles with encrypted FTP connections. As i could
> imagine, conntrack_ftp and nat_ftp are not being able of recognizing the
> correct ports to open because the connection is encrypted and the PASV
> information is not seen by the modules.
>
> I dont think so ..... but is there any way of working around this ??
>
Use unencrypted ftp (which is insecure and not recommended) or forget
conntrack for this because encrypted channels cannot be on the fly
decrypted without the keys used for encryption.
--
Attila
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: ftp_conntrack and encrypted FTP
2007-11-09 11:14 ftp_conntrack and encrypted FTP Leonardo Rodrigues Magalhães
2007-11-09 12:04 ` Laszlo Attila Toth
@ 2007-11-09 13:09 ` Martijn Lievaart
2007-11-09 13:45 ` Покотиленко Костик
1 sibling, 1 reply; 4+ messages in thread
From: Martijn Lievaart @ 2007-11-09 13:09 UTC (permalink / raw)
To: Leonardo Rodrigues Magalhães; +Cc: netfilter ML
Leonardo Rodrigues Magalhães wrote:
>
> Hello Guys,
>
> I'm having some troubles with encrypted FTP connections. As i could
> imagine, conntrack_ftp and nat_ftp are not being able of recognizing
> the correct ports to open because the connection is encrypted and the
> PASV information is not seen by the modules.
>
> I dont think so ..... but is there any way of working around this ??
>
Use scp instead.
HTH
M4
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: ftp_conntrack and encrypted FTP
2007-11-09 13:09 ` Martijn Lievaart
@ 2007-11-09 13:45 ` Покотиленко Костик
0 siblings, 0 replies; 4+ messages in thread
From: Покотиленко Костик @ 2007-11-09 13:45 UTC (permalink / raw)
To: Martijn Lievaart; +Cc: Leonardo Rodrigues Magalhães, netfilter ML
В Птн, 09/11/2007 в 14:09 +0100, Martijn Lievaart пишет:
> Leonardo Rodrigues Magalhães wrote:
> >
> > Hello Guys,
> >
> > I'm having some troubles with encrypted FTP connections. As i could
> > imagine, conntrack_ftp and nat_ftp are not being able of recognizing
> > the correct ports to open because the connection is encrypted and the
> > PASV information is not seen by the modules.
> >
> > I dont think so ..... but is there any way of working around this ??
> >
>
> Use scp instead.
FTP dies.
--
Покотиленко Костик <casper@meteor.dp.ua>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-11-09 13:45 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-11-09 11:14 ftp_conntrack and encrypted FTP Leonardo Rodrigues Magalhães
2007-11-09 12:04 ` Laszlo Attila Toth
2007-11-09 13:09 ` Martijn Lievaart
2007-11-09 13:45 ` Покотиленко Костик
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.