> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Askar Ali
> Sent: Monday, December 19, 2005 7:09 AM
> To: TAC Forums
> Cc: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: Firewall and a FTP server
>
> TAC Forums wrote:
>
> >Hi All,
> >
> >We have a FTP server, (Red Hat Linux 7) behind a firewall, the
>
> why are you still using a historic version of rh ? :)
>
> >firewall allows only incoming and established connections on ports
> >20,21 from anywhere and everywhere.
> >
> >The problem is, when the customers use FTP clients, they manage to log in,
> >but cannot upload/download files if they use PASSIVE FTP connections.
> >
> >Can someone suggest the best way to get out of this situation,
> >should we enable all ports above 1023?
> >
> >Regards,
> >Boskey
> >
> >--
> >TAC Support Team
>
> hi Tac
>
> verify that modules
>
> ip_conntrack_ftp
> ip_nat_ftp
>
> are loaded, if not try to load them with "modprobe ip_conntrack_ftp"
> and put it in your firewall startup script so that the modules load
> at boot time.
>
> regards,
>
> askar

If you don't have those modules in the kernel you will need to open up
NEW connections for the passive ports on your FTP server or recompile
your kernel. I've done the port-opening thing when recompiling the
kernel on a live firewall was more downtime than the PTB were willing
to accept.

Derick Anderson
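
Added example, not part of the original thread: a firewall startup-script check for the two helper modules named above, reading a /proc/modules-style listing and loading whatever is missing. The function names and the MODPROBE override variable are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread.
# The two FTP helper modules named in the reply above.
FTP_HELPERS="ip_conntrack_ftp ip_nat_ftp"

# missing_ftp_helpers [FILE]
# Print each helper absent from a /proc/modules-style listing, one per line.
# Caveat: a helper compiled into the kernel (not as a module) is not listed
# in /proc/modules and will be reported as missing here.
missing_ftp_helpers() {
    modules_file="${1:-/proc/modules}"
    for mod in $FTP_HELPERS; do
        # The first field of each line is the module name; match it exactly
        # so that "ip_conntrack" does not count as "ip_conntrack_ftp".
        if ! awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' \
                "$modules_file"; then
            echo "$mod"
        fi
    done
}

# load_ftp_helpers [FILE]
# Intended for the firewall startup script: modprobe each missing helper.
# Returns non-zero if any helper cannot be loaded, which is the case where
# the passive ports must be opened explicitly or the kernel rebuilt.
# MODPROBE is a hypothetical override used for testing.
load_ftp_helpers() {
    rc=0
    for mod in $(missing_ftp_helpers "$1"); do
        if ! ${MODPROBE:-modprobe} "$mod"; then
            echo "cannot load $mod: helper not available for this kernel" >&2
            rc=1
        fi
    done
    return $rc
}
```

Call `load_ftp_helpers` near the top of the startup script, before the rules are installed, and treat a non-zero return as the signal to fall back to an explicit passive port range.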