From: Stef Coene <stef.coene@docum.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] why dont packets go where i want?
Date: Fri, 18 Oct 2002 06:41:42 +0000
Message-ID: <marc-lartc-103492336706887@msgid-missing>
In-Reply-To: <marc-lartc-103484229426470@msgid-missing>

On Friday 18 October 2002 08:21, Francois Dessart wrote:
> Thanks for this explanation.
>
> > Passive FTP does not use tcp/20 at all.  Instead of the server connecting
> > to the client, the client connects to the server for data transfers.  The
> > server chooses an arbitrary port for the client to connect to.  The intent
> > of passive FTP was to work around firewalls that don't permit inbound
> > connections.
>
> So with passive FTP, both ports (source and dest) are dynamic. Correct?
>
> How to match this data transfer with iptables?

There is a -m helper option so you can load additional modules.  There is a
module that matches ftp packets (both data and control), but I don't know the
syntax.  A Google search on "iptables -m helper ftp" will help.

http://www.netfilter.org/documentation/pomlist/pom-oldnat.html#helper :
If you want to match all packets belonging to ftp-sessions:
(both ftp-command and ftp-data connections)

iptables -A INPUT -m helper --helper ftp -j ACCEPT

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
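
Added example (not part of the message above and not netfilter code): a simplified Python model of why a helper match can follow FTP data connections although both ports are dynamic. The data endpoint is announced on the control channel, so it can be parsed there and turned into an expectation. The function names, the rule that ignores a non-peer address, and the sample lines and addresses are assumptions of this sketch.

```python
import re

# Simplified model of what an FTP connection-tracking helper does; not kernel code.
SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PASV_RE = re.compile(r"^227 \D*" + SIX)                   # RFC 959 reply to PASV
PORT_RE = re.compile(r"^PORT " + SIX + r"\s*$")           # RFC 959 active mode
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")    # RFC 2428 reply to EPSV

def _endpoint(fields):
    """Turn h1,h2,h3,h4,p1,p2 into (ip, port); port = p1 * 256 + p2."""
    nums = [int(f) for f in fields]
    if max(nums) > 255:
        raise ValueError("field out of range: %r" % (fields,))
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def expectation(line, client_ip, server_ip):
    """Return (src_ip, dst_ip, dst_port) for the data connection announced by
    one control-channel line, or None if the line announces nothing usable."""
    m = PASV_RE.match(line)
    if m:                                   # passive: client connects to server
        ip, port = _endpoint(m.groups())
        # Design choice of this sketch: ignore an address that is not the peer.
        return (client_ip, ip, port) if ip == server_ip else None
    m = EPSV_RE.match(line)
    if m and 0 < int(m.group(2)) < 65536:   # extended passive carries only a port
        return (client_ip, server_ip, int(m.group(2)))
    m = PORT_RE.match(line)
    if m:                                   # active: server connects to client
        ip, port = _endpoint(m.groups())
        return (server_ip, ip, port) if ip == client_ip else None
    return None

def is_expected(syn, expected):
    """syn = (src_ip, src_port, dst_ip, dst_port). The source port is ignored:
    it is an ephemeral port that the control channel never announces."""
    src_ip, _src_port, dst_ip, dst_port = syn
    return (src_ip, dst_ip, dst_port) in expected

# Constructed sample control-channel lines (documentation addresses, RFC 5737).
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
CONTROL = ["USER anonymous", "331 Please specify the password.", "PASV",
           "227 Entering Passive Mode (192,0,2,10,195,80)."]
EXPECTED = {e for e in (expectation(l, CLIENT, SERVER) for l in CONTROL) if e}

if __name__ == "__main__":
    print(is_expected((CLIENT, 40211, SERVER, 50000), EXPECTED))  # announced port
    print(is_expected((CLIENT, 40212, SERVER, 50001), EXPECTED))  # never announced
```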
