Re: allowing passive FTP from the outside

Justin Zygmont wrote:
I know the problem is because of a nonexistent iptables rule, I'm just at a loss as to what the missing rules should look like. The only thing that is different in this case is that I need to use port 221 for FTP instead of 21, and I don't see why this should require special routing. ftp_conntrack modules are loaded. This is the relevant part of my current firewall script.

Since you are using a non-standard port, you need to tell the connection tracking and NAT modules which ports they need to watch (by default, they watch only port 21):


# modprobe ip_conntrack_ftp ports=21,221

Depending on your network configuration, you may or may not need additional ports for ip_nat_ftp. If you are running the FTP server on your NAT-ing firewall (as appears to be the case), you don't need it, since no NAT-ing is occurring for incoming traffic. If your FTP server is behind the firewall (DNAT), then you would need to instruct ip_nat_ftp about the changed port too.

In case you need it, here's the line:

# modprobe ip_nat_ftp ports=21,221

Make sure you load ip_conntrack_ftp first (since ip_nat_ftp would cause ip_conntrack_ftp to be autoloaded, probably with the default port number).

Note that you'll need to unload those two modules prior to doing modprobe (if they were already loaded).

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
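
The reload order described in the reply above, as an added example that is not part of the original message: a dry-run planner that reads lsmod-format text and prints the commands in a safe order. The module names and ports= value come from the message; the function names and the sample lsmod text are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not run) the commands needed to reload the FTP
# helpers so they watch a non-standard control port.
PORTS="21,221"   # ports from the message: default 21 plus the custom 221

# Constructed sample of lsmod output (sizes and use counts are made up).
SAMPLE_LSMOD='Module                  Size  Used by
ip_nat_ftp              5296  0
ip_conntrack_ftp        6480  1 ip_nat_ftp
iptable_nat            22168  2 ip_nat_ftp
ip_conntrack           29000  3 ip_nat_ftp,ip_conntrack_ftp,iptable_nat'

# is_loaded LSMOD_TEXT MODULE: succeed only if MODULE is an exact match in
# the first column (so ip_conntrack does not match ip_conntrack_ftp).
is_loaded() {
    printf '%s\n' "$1" | awk -v m="$2" '$1 == m { found = 1 } END { exit !found }'
}

# reload_plan LSMOD_TEXT NEED_NAT
#   NEED_NAT=yes when the FTP server sits behind the firewall (DNAT),
#   NEED_NAT=no  when it runs on the firewall itself.
reload_plan() {
    lsmod_text=$1
    need_nat=$2
    # The message notes that loading ip_nat_ftp pulls in ip_conntrack_ftp,
    # so the NAT helper is removed first, then the conntrack helper.
    if is_loaded "$lsmod_text" ip_nat_ftp; then
        echo "rmmod ip_nat_ftp"
    fi
    if is_loaded "$lsmod_text" ip_conntrack_ftp; then
        echo "rmmod ip_conntrack_ftp"
    fi
    # Load the conntrack helper explicitly with the port list before the
    # NAT helper, so it is not autoloaded with only the default port.
    echo "modprobe ip_conntrack_ftp ports=$PORTS"
    if [ "$need_nat" = yes ]; then
        echo "modprobe ip_nat_ftp ports=$PORTS"
    fi
}

# Show the plan for the constructed sample with a DNAT-ed FTP server.
reload_plan "$SAMPLE_LSMOD" yes
```

To plan against a live system, pass "$(lsmod)" as the first argument instead of the sample text.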

