On 10/05/07 02:16, Indunil Jayasooriya wrote:
What is FTP helper module?
As I understand it, the Connection Tracking FTP helper module is
essentially a small module / algorithm that you load in to the
Connecting Tracking structure (via the below modules) to watch what ftp
commands you send out and / or receive so that it can dynamically on the
fly update the connection tracking table to allow the other negotiated
ports that FTP uses through statefull packet inspection. In other words
you should not need to write explicit rules for control and data
connections be it active or passive.
is it ip_nat_ftp ?
Yes.
ANYWAY, I have loaded below 2 modules.
/sbin/modprobe -a ip_conntrack_ftp ip_nat_ftp
YOUR COMMENTS.
That should work.
I'll have to double check some things to make sure that you don't need
to do any thing special other than just allow the initial connection and
rely on the FTP connection tracking helper to handle all other connections.
I've never run an FTP server behind a NAT, but I've never had a problem
with the FTP client behind the NAT with the above modules loaded.
Though it is my understanding that the module will take care of both.
Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
