Re: Passive FTP through IPTables DNAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Le sam 06/03/2004 à 20:44, Rune a écrit :
> All  you need is having a forward rule for the ftp-data connection which
> uses the
> port below the ftp port e.g:
>     ftp at port 21
>     ftp-data at port 20

Nope. This is true for _active_ FTP, but passive ftp-data connection
uses non privilieged ports on both ends.

-- 
Cédric Blancher  <blancher@cartel-securite.fr>
Consultant en sécurité des systèmes et réseaux  - Cartel Sécurité
Tél: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE  FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux