[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: allowing passive FTP from the outside



On Sat, 2 Apr 2005, Markku Kolkka wrote:

Justin Zygmont kirjoitti viestissään (lähetysaika lauantai, 2.
huhtikuuta 2005 12:23):
I know the problem is because a nonexistent iptables rule, i'm
just at a loss as to what the missing rules should look like.
The only thing that is different in this case is that I need
to use port 221 for FTP instead of 21,

That's what breaks everything. The FTP control connection must be on server port 21. Using a different port violates RFC 959 and ip_conntrack_ftp doesn't watch any other port for FTP traffic.

are you sure ftp_conntrack is even needed? I thought that's usually used just for stateful routing through a server, and not to connect to one from the outside. Also when I shut iptables down, it works, I can get a ftp listing.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]