[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: allowing passive FTP from the outside

From: Justin Zygmont <jzygmont solarflow net>
To: Markku Kolkka <markkuk tuubi net>
Cc: fedora-list redhat com
Subject: Re: allowing passive FTP from the outside
Date: Sat, 2 Apr 2005 13:33:12 -0800 (PST)

On Sat, 2 Apr 2005, Markku Kolkka wrote:

Justin Zygmont kirjoitti viestissään (lähetysaika lauantai, 2.
huhtikuuta 2005 12:23):

I know the problem is because a nonexistent iptables rule, i'm
just at a loss as to what the missing rules should look like.
The only thing that is different in this case is that I need
to use port 221 for FTP instead of 21,


That's what breaks everything. The FTP control connection must be
on server port 21. Using a different port violates RFC 959 and
ip_conntrack_ftp doesn't watch any other port for FTP traffic.

are you sure ftp_conntrack is even needed? I thought that's usually used just for stateful routing through a server, and not to connect to one from the outside. Also when I shut iptables down, it works, I can get a ftp listing.

Follow-Ups:
- Re: allowing passive FTP from the outside
  - From: Markku Kolkka
- Re: allowing passive FTP from the outside
  - From: Robert Slade

References:
- allowing passive FTP from the outside
  - From: Justin Zygmont
- Re: allowing passive FTP from the outside
  - From: Markku Kolkka

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]