RE: ftp

> Sorry to post the same question again .... I am at a loss as 
> to what to put for rules for my ftp server (which is behind 
> the firewall).
> I know they go on the forward chain ....
> There are going to be people connecting to it with a username 
> / password and also anonymously from outside ...
>  
> My main question I guess is should I set it up for passive or 
> active transfers ....
> Or, does the RELATED option take care of those problems?

Use ip_conntrack_ftp and ip_nat_ftp.
Something like (with information from your previous post):

modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

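# default-deny forwarding; allow replies and helper-tracked data connections
$IPT -P FORWARD DROP
$IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow new FTP control connections to the server
$IPT -A FORWARD -i eth0 -o eth1 -d <ip_ftpsvr> -p tcp \
  --dport 21 -j ACCEPT
# redirect inbound FTP control traffic to the server behind the firewall
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 21 \
  -j DNAT --to-destination <ip_ftpsvr>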


Gr,
Rob
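
Added example, not part of the original thread: RELATED only matches FTP data connections because the conntrack helper reads the address and port announced in-band on the control channel (the PORT command in active mode, the 227 reply in passive mode), and the NAT helper rewrites that payload for a DNATed server. The sketch below reproduces both steps on constructed sample lines; the function names and the addresses (documentation ranges) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration (not from the original post). Control-channel lines
# used here are constructed samples.

# ftp_data_endpoint LINE: print "ip:port" announced by a PORT command
# (active mode) or a 227 reply (passive mode); return 1 for anything else.
ftp_data_endpoint() {
    line=$1
    case $line in
        "PORT "*)        args=${line#PORT } ;;
        "227 "*"("*")"*) args=${line#*"("}; args=${args%%")"*} ;;
        *) return 1 ;;
    esac
    args=$(printf '%s' "$args" | tr -d '\r ')
    old_ifs=$IFS; IFS=,
    set -f; set -- $args; set +f      # split on commas without globbing
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        # each field must be a decimal octet with no leading zero
        case $n in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# rewrite_227 LINE PUBLIC_IP: re-emit a 227 reply with the server's
# private address replaced by PUBLIC_IP (hypothetical helper name),
# which is the payload change a NAT helper has to make for a DNATed server.
rewrite_227() {
    case $1 in "227 "*) ;; *) return 1 ;; esac
    ep=$(ftp_data_endpoint "$1") || return 1
    port=${ep##*:}
    printf '227 Entering Passive Mode (%s,%s,%s)\n' \
        "$(printf '%s' "$2" | tr . ,)" "$(( port / 256 ))" "$(( port % 256 ))"
}

# Constructed samples: client PORT command, server PASV reply behind DNAT.
ftp_data_endpoint 'PORT 198,51,100,7,195,80'
ftp_data_endpoint '227 Entering Passive Mode (192,168,1,10,234,96).'
rewrite_227 '227 Entering Passive Mode (192,168,1,10,234,96).' 203.0.113.5
```

Without the helper modules loaded, the firewall never learns these endpoints, so the data connection arrives as NEW rather than RELATED and is dropped by the FORWARD policy.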
