On Tue, Jul 27, 2004 at 06:55:26AM +0200, Rob Sterenborg spoke thusly:
>> I have several customer FTP sites hosted on ports other than
>> 21 (ex: 2001, 2002, 2003 and so on)
>>
>>
>> Right now, the only way they can work properly is if I open ports
>> 1024 to 8000 for that machines so the ftp return ports are able to
>> connect.
>
>You would need virtual hosting I suppose, this is not a netfilter
>thing.
>
>Reading this, you cannot use name-based virtual hosting with ftp :
>http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Vhost.html

If what you want is for conntrack to be able to track ftp data ports,
but where the control channel is not on tcp/21, the modules support
arguments upon loading. `modinfo ip_conntrack_ftp` might help, also
search the mailing list archives. It's been discussed before, enjoy.
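
An added example, not part of the original thread: a script that prints the helper load line for non-standard control ports and the stateful rules that let the data channels through as RELATED, which is what makes the open 1024-8000 range unnecessary. Assumptions: the helper's `ports=` load argument, an 8-port limit in the helper, the FORWARD chain, and the constructed server address 192.0.2.10.

```shell
#!/bin/sh
# Added example, not from the thread. Prints commands for review; runs nothing.
MAX_HELPER_PORTS=8   # assumption: port limit compiled into the FTP helper

# Accept only a comma-separated list of 1..MAX_HELPER_PORTS valid TCP ports.
check_ports() {
    list=$1
    count=0
    case $list in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS
    IFS=,
    for p in $list; do
        if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs
            return 1
        fi
        count=$((count + 1))
    done
    IFS=$old_ifs
    [ "$count" -le "$MAX_HELPER_PORTS" ] || return 1
    printf '%s\n' "$list"
}

# Emit: helper load on the control ports, one stateful rule for the data
# channels the helper marks RELATED, one rule for the control ports.
ftp_helper_commands() {
    ports=$(check_ports "$1") || { echo "bad port list: $1" >&2; return 1; }
    server=$2   # hypothetical FTP server address behind the firewall
    case $server in ''|*[!0-9.]*) echo "bad address: $2" >&2; return 1 ;; esac
    echo "modprobe ip_conntrack_ftp ports=$ports"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -d $server -m multiport --dports $ports -m state --state NEW -j ACCEPT"
}

# Constructed demo: ports from the thread, address from the documentation range.
ftp_helper_commands 21,2001,2002,2003 192.0.2.10
```

Check the parameter name and limit on the running kernel with `modinfo ip_conntrack_ftp` before relying on the generated line.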