Firewall and FTP

Christian Lescuyer cl at l-improviste.com
Sat Nov 9 16:56:42 PST 2002


> I tried to grant access to Internet-FTP-sites for my LAN whith enabling
> port 21 exactly as i had enabled port 80 for http. I could connect to
> sites and login successfully but then got timed out every time on any
site.
>
> I searched the net and found out, that this is not a surprise, because
> port 21 is only used as a kind of ftp-handshaking and that the
> data-transfer is handled on a separate port. For that port is not always
> the same, how can one now build a firewall with ftp going through ? That
> question, the sites i found haven't answered understandable for me.

Have a look at the ftp_conntrack module, ip_conntrack_ftp and maybe
ip_nat_ftp.

Christian


-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-support' in the subject header of the message



More information about the blfs-support mailing list