Thank you for clearing that up. I must have not installed/invoked the ftp
connection tracking modules for iptables then...

Ray

On Tue, 2002-12-10 at 13:52, Jozsef Kadlecsik wrote:
> On 10 Dec 2002, Raymond Leach wrote:
>
> > OK, then how does connection tracking work for passive ftp?
>
> The FTP connection tracking and NAT helper modules support active (PORT,
> EPRT) and passive (PASV, EPSV responses) ftp as well. In both cases the
> command channel is monitored and the commands/responses are parsed. As the
> appropriate patterns are detected, the system digs out the announced
> port (address) and prepares to accept the data channel.
>
> At iptables level there is no difference whatsoever between active/passive
> modes in letting in/NATing them.
>
> Regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
>           H-1525 Budapest 114, POB. 49, Hungary

--
Raymond Leach
Knowledge Factory
Tel: +27 11 445 8100
Fax: +27 11 445 8101
http://www.knowledgefactory.co.za/
http://www.saptg.co.za/
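The command-channel parsing described in the quoted reply, sketched as an added example (not netfilter code and not code from either poster): one function digs the announced data-channel address and port out of PORT, EPRT, 227 (PASV) and 229 (EPSV) lines. The function names and the sample line are constructed for illustration, and the 227 branch assumes the usual parenthesised reply form.

```c
#include <stdio.h>
#include <string.h>
#define ADDR_LEN 46  /* room for a textual IPv6 address */

/* Parse "h1,h2,h3,h4,p1,p2" (PORT argument or 227 reply body). */
static int six_tuple(const char *s, char *addr)
{
    unsigned v[6];
    if (sscanf(s, "%3u,%3u,%3u,%3u,%3u,%3u",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]) != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255) return -1;
    snprintf(addr, ADDR_LEN, "%u.%u.%u.%u", v[0], v[1], v[2], v[3]);
    return (int)(v[4] * 256 + v[5]);
}

/* Port announced on one command-channel line, or -1 if none. addr (ADDR_LEN
 * bytes) gets the announced address; "" for EPSV replies (port only). */
int ftp_announced_port(const char *line, char *addr)
{
    const char *p, *a, *b;
    unsigned port = 0;
    addr[0] = '\0';
    if (strncmp(line, "PORT ", 5) == 0)               /* active */
        return six_tuple(line + 5, addr);
    if (strncmp(line, "227 ", 4) == 0)                /* PASV reply */
        return (p = strchr(line, '(')) ? six_tuple(p + 1, addr) : -1;
    if (strncmp(line, "229 ", 4) == 0) {              /* EPSV reply */
        p = strchr(line, '(');
        if (!p || sscanf(p, "(|||%5u|", &port) != 1) return -1;
    } else if (strncmp(line, "EPRT ", 5) == 0 && line[5]) {
        /* EPRT <d>proto<d>addr<d>port<d>; <d> is the sender's delimiter */
        if (!(a = strchr(line + 6, line[5])) || !(b = strchr(a + 1, line[5])))
            return -1;
        if (b - a < 2 || b - a > ADDR_LEN || sscanf(b + 1, "%5u", &port) != 1)
            return -1;
        snprintf(addr, ADDR_LEN, "%.*s", (int)(b - a - 1), a + 1);
    } else {
        return -1;                                    /* nothing announced */
    }
    return (port >= 1 && port <= 65535) ? (int)port : -1;
}

int main(void)
{
    char addr[ADDR_LEN];  /* the reply line below is a constructed sample */
    int port = ftp_announced_port("227 Entering Passive Mode (192,168,1,10,195,80)", addr);
    printf("expect data connection to %s port %d\n", addr, port);
    return 0;
}
```

The address is returned alongside the port so that a caller can compare it with the peer of the command channel before expecting the data connection.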