Re: ftp masq on non standard ports not working

To: Mike Egglestone <megglestone@heritage.sd57.bc.ca>
Cc: debian-firewall@lists.debian.org
Subject: Re: ftp masq on non standard ports not working
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Fri, 22 Mar 2002 10:56:45 +0100
Message-id: <[🔎] 20020322095645.GA26080@lina.inka.de>
In-reply-to: <[🔎] 1016760383.3c9a883f4ed58@heritage.sd57.bc.ca>
References: <[🔎] 1016760383.3c9a883f4ed58@heritage.sd57.bc.ca>

On Thu, Mar 21, 2002 at 05:26:23PM -0800, Mike Egglestone wrote:
> Is there a new way to fix this with iptables?
> and what if the ftp server is servicing on a port other than
> the standard 21?

You have to give the FTP contrl port to ip_conntrack_ftp and/or ip_nat_ftp:

/sbin/modinfo ip_conntrack_ftp
filename: /lib/modules/2.4.17-xfs/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
description: <none>
author:      <none>
license:     "GPL"
parm:        ports int array (min = 1, max = 8)
parm:        loose int
3ecki@calista:~> /sbin/modinfo ip_nat_ftp
filename:    /lib/modules/2.4.17-xfs/kernel/net/ipv4/netfilter/ip_nat_ftp.o
description: <none>
author:      <none>
license:     "GPL"
parm:        ports int array (min = 1, max = 8)

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

References:
- ftp masq on non standard ports not working
  - From: Mike Egglestone <megglestone@heritage.sd57.bc.ca>

Prev by Date: Re: ftp masq on non standard ports not working
Next by Date: Source Address Verification
Previous by thread: Re: ftp masq on non standard ports not working
Next by thread: Source Address Verification
Index(es):
- Date
- Thread