Re: ftp/scp port forwarding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2004-06-29 at 01:05, Marius Andreiana wrote:
> On Mon, 2004-06-28 at 23:56 -0700, Florin Andrei wrote:

> > Edit /etc/sysconfig/iptables-config and add:
> > 
> > IPTABLES_MODULES="ip_nat_ftp"
> Added it and now it works!

:-)

It's prudent to add that config bit to any Linux box that works as a NAT
firewall and routes FTP traffic. Even do that to small NAT boxes that
provide Internet access to a small office or something - you know, the
SOHO type of thing.

This is what i add to all my Linux NAT firewalls that have browsers
behind them:

IPTABLES_MODULES="ip_nat_ftp ip_nat_irc"

You can find the other NAT protocol helper modules like this:

find /lib/modules/`uname -r`/kernel -name ip_nat_*

> ip_conntrack was also loaded, but I didn't specified it manually.

Yeah, that's because of dependencies and whatnot. Modules _usually_
automagically load up their own dependencies.

> Thanks a lot Florin! I'm googling now for ip_nat_ftp and vsftpd
> passv_address options to learn more, it's the first time I hear about
> them after reading many examples of ftp port forwarding.

Well, if ip_nat_ftp works for you, then you don't have to worry about
unusual options in the ftpd config. It's all handled by the firewall
now.
BTW, you probably don't have to forward port 20 now, but go ahead and
experiment first, don't take my word for it.

-- 
Florin Andrei

http://florin.myip.org/




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux