* RE: ip_conntrack_ftp doesn't work with ftp proxy
@ 2002-11-14 8:34 Kim Leandersson
2002-11-19 14:16 ` Related but general question. (WAS:Re: ip_conntrack_ftp doesn't work with ftp proxy) Alasdair Ramsay
0 siblings, 1 reply; 2+ messages in thread
From: Kim Leandersson @ 2002-11-14 8:34 UTC (permalink / raw)
To: Thomas Boernert, netfilter
Try loading the ip_conntrack_ftp module with the option ports instead.
ip_conntrack_ftp ports=8082 should do the trick for you!
//kim
> -----Original Message-----
> From: Thomas Boernert [mailto:tb@tbits.net]
> Sent: Wednesday, November 13, 2002 10:55 PM
> To: netfilter@lists.netfilter.org
> Subject: ip_conntrack_ftp doesn't work with ftp proxy
>
>
> Hello,
>
> i hope anyone can help me.
>
> network-chart
>
> linuxbox ----- firewall ---- internet
>
> on the firewall runs a ftp proxy (suse proxy-suite on port
> 8082) i've the following rules
>
> iptables -A INPUT -p tcp -s $local_net --sport 1024:65535 -d
> $firewall_internal_ip --dport 8082 -m state --state
> NEW,ESTABLISHED -j ACCEPT
>
> ipatbles -A OUTPUT -p tcp -s $firewall_internal_ip --sport
> 8082 -d $local_net --dport 1024:65535 -m state --state
> ESTABLISHED -j ACCEPT
>
> iptables -A INPUT -p tcp -s $local_net --sport 1024:65535 -d
> $firewall_internal_ip --dport 1024:65535 -m state ESTABLISHED,RELATED
>
> .....
>
> from the client i do the following
>
> ftp ip_firewall 8082
> login to a ftp server like redhat or so
> do "ls"
> then the kernel rejects the third rule written upper.
>
> if i change the rule from RELATED to NEW, the it's working,
> but this is not a solution.
>
> Thanks for help!
>
> - Thomas
>
>
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
* Related but general question. (WAS:Re: ip_conntrack_ftp doesn't work with ftp proxy)
2002-11-14 8:34 ip_conntrack_ftp doesn't work with ftp proxy Kim Leandersson
@ 2002-11-19 14:16 ` Alasdair Ramsay
0 siblings, 0 replies; 2+ messages in thread
From: Alasdair Ramsay @ 2002-11-19 14:16 UTC (permalink / raw)
To: Kim Leandersson, netfilter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If you can pass additional information to the modules as you load them,
can you pass the same information to a module that is statically built
into the kernel? How is such information passed?
Regards
Alasdair Ramsay
Kim Leandersson wrote:
| Try loading the ip_conntrack_ftp module with the option ports instead.
|
| ip_conntrack_ftp ports=8082 should do the trick for you!
|
| //kim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE92kfO4+7BX0uR648RAqWWAJ9DFe+ts78YiTIZQiHaAu7ANlNdSQCfR5Mx
cWTAQ8VRAoz2gkZ4mq3WbLA=
=RGSK
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2002-11-19 14:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-11-14 8:34 ip_conntrack_ftp doesn't work with ftp proxy Kim Leandersson
2002-11-19 14:16 ` Related but general question. (WAS:Re: ip_conntrack_ftp doesn't work with ftp proxy) Alasdair Ramsay
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox