From: Patrick McHardy <kaber@trash.net>
To: filippozeus@gmail.com
Cc: netfilter@vger.kernel.org
Subject: Re: iptables ip_conntrack_ftp + proftpd TLS: PORT command not understood
Date: Mon, 26 May 2008 22:41:13 +0200 [thread overview]
Message-ID: <483B2069.7010504@trash.net> (raw)
In-Reply-To: <483B16F7.2010205@gmail.com>
Filippo Zeus wrote:
> thanks for your help at first !
>
> yes. and i've tested tons of clients (ftp-ssl, filezilla, hated M$-IE).
> unfortunatly tcpdump has confirmed my prefeeling.
> Also, reading at proftpd log i can see that encrypted channel is
> switched off after PASS command
> and stay on only for the data channel.
>
> I'm not shure, cause i'm not a developer, but i think that
> ftp_conntrak module open a port *ONLY* if
> it read first the USER command, then the PASS command, then PASV/PORT
> commands
> not simply if a (cleartext) PORT command came from the ftp client.
Please send a tcpdump.
next prev parent reply other threads:[~2008-05-26 20:41 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-26 19:24 iptables ip_conntrack_ftp + proftpd TLS: PORT command not understood Filippo Zeus
2008-05-26 19:39 ` whiplash
2008-05-26 20:00 ` Filippo Zeus
2008-05-26 20:41 ` Patrick McHardy [this message]
2008-05-27 1:14 ` Filippo Zeus
2008-05-27 7:39 ` Patrick McHardy
2008-05-27 7:46 ` Jan Engelhardt
2008-05-27 7:49 ` whiplash
2008-05-26 22:05 ` Jan Engelhardt
2008-05-26 22:32 ` Jan Engelhardt
2008-05-26 22:32 ` whiplash
2008-05-27 1:30 ` Filippo Zeus
[not found] <483B04A8.9000405@gmail.com>
2008-05-26 18:51 ` Filippo Zeus
2008-05-26 19:07 ` whiplash
2008-05-26 19:28 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=483B2069.7010504@trash.net \
--to=kaber@trash.net \
--cc=filippozeus@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox