Reindl Harald <h.reindl@xxxxxxxxxxxxx> writes:

> On 14.11.2012 12:24, lee wrote:
>> FTP isn't using random ports. It's using two ports, and firewalls need
>> to be set up correctly to deal with that. There's a kernel module for
>> this very purpose.
>
> ftp is ALWAYS using random ports
>
> active: on the client side
> passive: on the server side
>
> so on one side there must be a firewall rule or connection
> tracking for sure depending on the ftp-mode, how the tracking
> is made is an implementation detail

There isn't anything random about these ports, see
http://en.wikipedia.org/wiki/File_Transfer_Protocol

> _________________________
>
> and if you read dmesg-messages with recent kernels you will see
> that this is in fact a topic in the near future
>
> nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to
> attach helpers instead.

I don't know what you mean --- I haven't looked into it for a very long
time, and when I did, there was an extra kernel module to handle ftp
connections in combination with some firewall rules to allow traffic on
the data ports. There wasn't anything random about it. So what has
changed?

--
Fedora 17
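Added example, not part of the thread and not the kernel module's code: in both modes the data port is announced on the control channel (PORT/EPRT from the client, 227/229 replies from the server), and that announcement is what a connection-tracking helper has to read to know which port to allow. The Python sketch below parses those lines per RFC 959 and RFC 2428; the function name, the returned tuple and the sample addresses are assumptions made for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply (RFC 959)
_HP = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PATTERNS = [
    ("active",  re.compile(r"^PORT " + _HP + r"\s*$", re.I)),                 # RFC 959
    ("passive", re.compile(r"^227 .*?" + _HP)),                               # RFC 959
    ("active",  re.compile(r"^EPRT (.)[12]\1(.+?)\1(\d{1,5})\1\s*$", re.I)),  # RFC 2428
    ("passive", re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")),               # RFC 2428
]


def data_endpoint(line, sender_ip):
    """Parse one control-channel line sent by sender_ip (hypothetical helper).

    Returns (mode, listener_ip, port, matches_sender), or None when the line
    does not announce a data endpoint. matches_sender is False when the
    announced address is not the sender's own, so a firewall can refuse to
    open a data-port hole toward a third host.
    """
    for mode, rx in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        g = m.groups()
        if len(g) == 6:                      # PORT / 227: port = p1*256 + p2
            n = [int(x) for x in g]
            if max(n) > 255:
                return None
            host, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
        elif len(g) == 3:                    # EPRT: delimiter, address, port
            host, port = g[1], int(g[2])
        else:                                # 229: no address, use the sender's
            host, port = sender_ip, int(g[1])
        if not 0 < port < 65536:
            return None
        return (mode, host, port, host == sender_ip)
    return None
```

The port is only known once the line has been seen, which is why a static rule for ports 20 and 21 is not enough and the firewall needs either a tracking helper or a fixed, pre-opened passive range.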