firewall configuring

lee lee at yun.yagibdah.de
Wed Nov 14 17:01:58 UTC 2012


Reindl Harald <h.reindl at thelounge.net> writes:

> Am 14.11.2012 12:24, schrieb lee:
>> FTP isn't using random ports.  It's using two ports, and firewalls need
>> to be set up correctly to deal with that.  There's a kernel module for
>> this very purpose.
>
> ftp is ALWAYS using random ports
>
> active:  on the client side
> passive: on the server side
>
> so on one side there must be a firewall rule or connection
> tracking for sure depending on the ftp-mode, how the tracking
> is made is an implementation detail

There isn't anything random about these ports, see
http://en.wikipedia.org/wiki/File_Transfer_Protocol

> _________________________
>
> and if you read dmesg-messages with recent kernels you will see
> that this is in fact a topic in the near future
>
> nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to
> attach helpers instead.

I don't know what you mean --- I haven't looked into it for a very
long time, and when I did, there was an extra kernel module to handle
ftp connections in combination with some firewall rules to allow traffic
on the data ports.  There wasn't anything random about it.  So what has
changed?


-- 
Fedora 17
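The kernel message quoted above is about exactly the module the reply refers to: nf_conntrack_ftp watches the control connection and marks the data connection RELATED, so only one firewall rule is needed for it. What is being deprecated is the kernel picking that helper automatically for anything on port 21; the replacement is to attach it explicitly with the iptables CT target in the raw table. The following script is an added example, not something posted in this thread; it assumes a kernel with nf_conntrack_ftp and the net.netfilter.nf_conntrack_helper sysctl (3.5 and later), iptables with the CT target, and an FTP control port that defaults to 21 (the FTP_PORT variable and the function names are this example's own).

```shell
#!/bin/sh
# Added example (not from the thread): attach the nf_conntrack_ftp helper
# explicitly with the iptables CT target instead of relying on automatic
# helper assignment. Assumes nf_conntrack_ftp is available and iptables
# supports the CT target (raw table).

FTP_PORT="${FTP_PORT:-21}"   # assumption: control channel on the standard port

# Emit a complete ruleset in iptables-restore format so it can be reviewed
# (or diffed against the running one) before it is applied.
ftp_helper_rules() {
    port="${1:-$FTP_PORT}"
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# attach the ftp helper only to control connections on port $port:
# PREROUTING covers clients reaching this host (passive mode data comes in),
# OUTPUT covers this host as a client (active mode data comes in from port 20)
-A PREROUTING -p tcp --dport $port -j CT --helper ftp
-A OUTPUT -p tcp --dport $port -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# data connections are RELATED to the tracked control connection, so this
# one rule admits them without opening any port range
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Turn off automatic helper assignment so that helpers are only attached
# where a CT rule says so (sysctl present since kernel 3.5; assumption).
disable_auto_helpers() {
    sysctl -w net.netfilter.nf_conntrack_helper=0
}

# Load the helper module, disable auto-assignment and install the rules.
# Needs root; invoked only with --apply so the script is safe to source.
apply_rules() {
    modprobe nf_conntrack_ftp
    disable_auto_helpers
    ftp_helper_rules "$1" | iptables-restore
}

case "${1:-}" in
    --apply) apply_rules "${2:-$FTP_PORT}" ;;
    "") ;;                      # no arguments: define functions only
    *) ftp_helper_rules "$1" ;; # print the ruleset for the given port
esac
```

Run it with a port number to print the ruleset, or `--apply` as root to install it. The CT rules must sit in the raw table because the helper has to be attached when the control connection is first tracked; the RELATED match in the filter table then admits the data connection on whichever port the FTP session negotiated, on either side of the exchange.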

