ftp/scp port forwarding

Florin Andrei florin at andrei.myip.org
Tue Jun 29 18:22:12 UTC 2004


On Tue, 2004-06-29 at 01:05, Marius Andreiana wrote:
> On Mon, 2004-06-28 at 23:56 -0700, Florin Andrei wrote:

> > Edit /etc/sysconfig/iptables-config and add:
> > 
> > IPTABLES_MODULES="ip_nat_ftp"
> Added it and now it works!

:-)

It's prudent to add that config bit to any Linux box that works as a NAT
firewall and routes FTP traffic. Even do that to small NAT boxes that
provide Internet access to a small office or something - you know, the
SOHO type of thing.

This is what I add to all my Linux NAT firewalls that have browsers
behind them:

IPTABLES_MODULES="ip_nat_ftp ip_nat_irc"

You can find the other NAT protocol helper modules like this:

find /lib/modules/`uname -r`/kernel -name 'ip_nat_*'

> ip_conntrack was also loaded, but I didn't specify it manually.

Yeah, that's because of dependencies and whatnot. Modules _usually_
automagically load up their own dependencies.

> Thanks a lot Florin! I'm googling now for ip_nat_ftp and vsftpd
> passv_address options to learn more, it's the first time I hear about
> them after reading many examples of ftp port forwarding.

Well, if ip_nat_ftp works for you, then you don't have to worry about
unusual options in the ftpd config. It's all handled by the firewall
now.
BTW, you probably don't have to forward port 20 now, but go ahead and
experiment first, don't take my word for it.

-- 
Florin Andrei

http://florin.myip.org/





