[Shorewall-users] pasv ftp

Tom Eastep teastep@shorewall.net
Sat, 19 Jan 2002 05:36:37 -0800


On Saturday 19 January 2002 03:34 am, Christophe Zwecker wrote:
> Hi,
>
> ok Im all new to this :-)
>
> for pasv ftp in your example you say for example to use ports
> 65500-65535, but i dont see that u open those ports in your example fw
> scripts..?
>
> any hints ?

I don't have to open them -- they will be opened dynamically at the time =
of=20
the PASV command. This of course assumes ftp connection tracking in your=20
kernel or that you have loaded the ip_conntrack_ftp module.

-Tom
--=20
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net