[Shorewall-users] pasv ftp
Mon, 21 Jan 2002 06:41:45 -0800
On Monday 21 January 2002 02:22 am, Christophe Zwecker wrote:
> On Sat, 2002-01-19 at 14:51, Tom Eastep wrote:
> > On Saturday 19 January 2002 05:36 am, I wrote:
> > > I don't have to open them -- they will be opened dynamically at the
> > > time of the PASV command. This of course assumes ftp connection
> > > tracking in your kernel or that you have loaded the ip_conntrack_ftp
> > > module.
> > BTW -- Shorewall automatically loads ip_conntrack_ftp and ip_nat_ftp if
> > they exist in the MODULESDIR (usually
> > /lib/modules/`uname -r`/kernel/ipv4/netfilter).
> Hm, I checked, I have that module loaded but its state (unu
> As of now I have to leave ports 2000-2100 open, my ftp server uses
> those for pasv connections, I'd rather use the ip_conntrack_ftp option
> tho. Is it of any matter that my ftp server uses a non-standard port
> (24562) ??
Er -- just how do you think ip_conntrack_ftp knows that port 24562 is FTP
unless you tell it?
In /etc/modules.conf (or whatever your distro calls it), add:
options ip_nat_ftp ports=21,24562
options ip_conntrack_ftp ports=21,24562
And, you will have to unload/reload those two modules.
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com
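
Added example, not part of the original message: a shell check that both FTP helper modules are given the non-standard control port in a modules.conf-style file before the PASV port range is closed. The function names and the sample file are constructed for illustration; only a `ports=<list>` option is treated as valid.

```shell
#!/bin/sh
# helper_ports FILE MODULE
# Prints the comma-separated port list from "options MODULE ports=...",
# or nothing when the option is absent or not written as ports=<list>.
helper_ports() {
    awk -v mod="$2" '
        $1 == "options" && $2 == mod {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^ports=[0-9]+(,[0-9]+)*$/)
                    v = substr($i, 7)   # text after "ports="
        }
        END { if (v != "") print v }
    ' "$1"
}

# check_ftp_port FILE PORT
# Returns 0 only if both the conntrack and the NAT helper list PORT.
check_ftp_port() {
    rc=0
    for mod in ip_conntrack_ftp ip_nat_ftp; do
        ports=$(helper_ports "$1" "$mod")
        case ",$ports," in
            *",$2,"*) echo "ok: $mod ports=$ports" ;;
            *) echo "MISSING: $mod does not list port $2 (found '$ports')"
               rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input: the second line lacks "=", so the helper
# would never be told about port 24562 by a valid ports= option.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options ip_nat_ftp ports=21,24562
options ip_conntrack_ftp ports 21,24562
EOF
check_ftp_port "$sample" 24562 ||
    echo "fix the options line, then unload/reload both modules"
rm -f "$sample"
```

On a real system, pass the path of the distro's module options file (for example /etc/modules.conf) instead of the sample.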