firewall configuring
Reindl Harald
h.reindl at thelounge.net
Wed Nov 14 14:05:18 UTC 2012
Am 14.11.2012 12:24, schrieb lee:
> FTP isn't using random ports. It's using two ports, and firewalls need
> to be set up correctly to deal with that. There's a kernel module for
> this very purpose.
ftp is ALWAYS using random ports
active: on the client side
passive: on the server side
so on one side there must be a firewall rule or connection
tracking for sure depending on the ftp-mode, how the tracking
is made is a implementation detail
_________________________
and if you read dmesg-messages with recent kernels you will see
that this is in fact a topic in teh near future
nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to
attach helpers instead.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20121114/f14bc8d7/attachment.sig>
More information about the users
mailing list