firewall question

Marco A. Ramos mramos at sanyoval.net
Thu May 12 19:07:30 UTC 2005


OK

>>Then the question is how to let ftp server know to use the specific range
>>of ports. We use wu-ftpd-2.6.1-20.

It depends on your FTP server. For example, I use Pure-ftpd (pureftpd.org),
and this FTP server has the option to define the port range: "-p
50301:50500"

>>For "send ip own IP address", do you mean that I just include their ip in
>> the firewall and trust that ip?

If your FTP server is on the same server where the firewall is, you don't
have problems with this.

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com]On Behalf Of Jessica Zhu
Sent: Thursday, 12 May, 2005 11:47 AM
To: General Red Hat Linux discussion list
Subject: RE: firewall question



On Thu, 12 May 2005, Marco A. Ramos wrote:

> As you say you have two options:
>
> a) To force all users to work with the non-passive method (remember to open
> the data port (tcp/20))

That's what I already did.

-A input -s xxx.xxx.xx.0/24 -d 0/0 20 -p tcp -y -j ACCEPT

>
> b) Enable the passive method on your firewall. To do it, you have to
> determine some port in your ftp server; this means that your ftp server
> must use a specific range of ports (for example 50000-50500), and then open
> that range in your firewall. Another point to consider is that the FTP
> server will send ip own IP address, for the passive connection.

Then the question is how to let ftp server know to use the specific range
of ports. We use wu-ftpd-2.6.1-20.

For "send ip own IP address", do you mean that I just include their ip in
the firewall and trust that ip?

Jessica


>
> Good Luck
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]On Behalf Of Bartosz Brewinski
> Sent: Thursday, 12 May, 2005 11:30 AM
> To: redhat-list at redhat.com
> Subject: Odp: firewall question
>
>
> Maybe "BBedit" is not configured (or can't be) for passive ftp while the
> other ftp clients used in the office are using passive ftp connections ?
>
> Maybe it would be sufficient to persuade BBedit to use passive connection
> method ?
>
> Hope this helps.
>
> bartek
>
> >>> jessica at mathforum.org 2005-05-12 20:21 >>>
> Hi,
>
> I set up the firewall on an old linux (7.1) server using ipchains, which
> allows ftp within our network. After the firewall came up, some users in
> the office who use BBedit on Macintosh complained that they cannot ftp to
> the server any more, although there is no problem using other ftp
> programs.
>
> My final solution is to trust the IPs from those users using BBedit and
> accept all from them. However, I thought this is not the best and most
> secure solution. Just wondering whether anybody on the list can help me
> figure out a better solution.
>
> Thanks!
>
> Jessica
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
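
Added example, not part of the original thread: in passive mode the server answers PASV with a 227 reply carrying the address and port the client must connect to (port = p1*256 + p2), which is why the firewall must open the server's passive range and why the advertised address matters. The sketch below parses such replies and checks them against the 50000-50500 range used as an example in the thread; the server address 192.0.2.10 and the sample replies are constructed for illustration.

```python
import ipaddress
import re

# Assumptions: range taken from the thread's example; the server address is a
# constructed documentation address, not a value from the thread.
PASV_RANGE = (50000, 50500)
CONTROL_PEER = "192.0.2.10"

_PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed sample replies: in range, outside the range, wrong address.
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,195,149)",
    "227 Entering Passive Mode (192,0,2,10,130,11)",
    "227 Entering Passive Mode (10,0,0,5,195,149)",
]

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or raise ValueError."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # high byte, low byte
    return ip, port

def check_pasv(reply, control_peer=CONTROL_PEER, port_range=PASV_RANGE):
    """List reasons the data connection would be blocked or misdirected."""
    ip, port = parse_pasv(reply)
    problems = []
    if not port_range[0] <= port <= port_range[1]:
        problems.append("port %d outside opened range %d-%d"
                        % (port, port_range[0], port_range[1]))
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer):
        problems.append("advertised address %s differs from control peer %s"
                        % (ip, control_peer))
    return problems

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_pasv(line) or "ok")
```
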



