FTP server under DMZ or LAN

Jeff Waller jeffw@141monkeys.org
Thu, 18 Oct 2001 20:34:32 -0400


Johnny Tang wrote:

> Make sure you're allowing udp as well as tcp

What? No, dude, ftp does not use udp.

I think this is a matter of not passing the right arguments to
the ip_conntrack_ftp module to allow incoming connections
when the ftp server is operating in passive mode (see one of
the previous messages).  Or perhaps an example of having the
server operating in active mode while the client is behind a
firewall that doesn't allow active mode ftp.

>
> Thanks,
> Fei
>
>
>> From: "Cristiano Costa" <cristianosurf@hotmail.com>
>>
>>
>> I'm having problems making a connection to an ftp server behind the
>> iptables firewall; I'm using Red Hat 7.1 on the firewall.
>> The problem is: when I connect to the FTP server, it accepts my connection,
>> user name and password, but when I try to list files I receive the
>> following message:
>> Can't open data connection
>>
>> I'm using ip_conntrack_ftp.
>> I'm doing snat and dnat to ftp ports 20 and 21; this ftp server may
>> stay in the DMZ or LAN, and in either of these I have success making a
>> transfer or file list.
>> I forward ports 20 and 21 from INET_IFACE to DMZ_IFACE or LAN_IFACE
>> too.
>> If anybody knows something about this problem please help me, and if
>> anybody has a sample script to do this please send it to me.
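The reason the login works but the file listing fails is that FTP negotiates a second, dynamically numbered data connection on the control channel: in passive mode the server announces an address and port in its `227` reply, in active mode the client announces them with `PORT`. A stateful firewall only lets that data connection through if something parses those lines (this is what ip_conntrack_ftp does when it is loaded for the right control ports). The following added example, not part of the original thread, shows that parsing in Python on constructed sample lines and reports which side must be allowed to open the data connection; a mismatch between the advertised address and the server's real address is exactly the case a server in a private DMZ produces, which is why plain forwarding of ports 20 and 21 is not enough.

```python
import re
from typing import Optional, Tuple

# Constructed sample control-channel lines (not taken from the thread).
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)\r\n"
SAMPLE_PORT_CMD = "PORT 10,0,0,5,14,178\r\n"

_HOSTPORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PASV_RE = re.compile(r"^227 .*?\(" + _HOSTPORT + r"\)")
_PORT_RE = re.compile(r"^PORT " + _HOSTPORT)


def _decode(groups) -> Tuple[str, int]:
    """Turn the six FTP octets h1..h4,p1,p2 into ('h1.h2.h3.h4', p1*256+p2)."""
    octets = [int(g) for g in groups]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in FTP address")
    host = ".".join(str(o) for o in octets[:4])
    return host, octets[4] * 256 + octets[5]


def expected_data_connection(line: str, client_ip: str,
                             server_ip: str) -> Optional[dict]:
    """Describe the data connection a stateful firewall must permit after
    seeing this control-channel line, or None if the line is not PASV/PORT.
    client_ip/server_ip are the real endpoints of the control connection."""
    m = _PASV_RE.match(line)
    if m:
        host, port = _decode(m.groups())
        # Passive mode: the client opens the data connection to the
        # address:port the server advertised.  If the server sits behind
        # NAT it advertises its private address, so the flag goes False
        # and the reply must be rewritten, not just forwarded.
        return {"mode": "passive", "src": client_ip, "dst": host,
                "dport": port, "advertised_matches_server": host == server_ip}
    m = _PORT_RE.match(line)
    if m:
        host, port = _decode(m.groups())
        # Active mode: the server connects from port 20 to the client's
        # advertised address:port, so the client side must accept it.
        return {"mode": "active", "src": server_ip, "sport": 20, "dst": host,
                "dport": port, "advertised_matches_client": host == client_ip}
    return None


if __name__ == "__main__":
    print(expected_data_connection(SAMPLE_PASV_REPLY, "203.0.113.7", "192.168.1.10"))
    print(expected_data_connection(SAMPLE_PORT_CMD, "10.0.0.5", "192.168.1.10"))
```

Lines the parser does not recognise (greetings, `230` login replies, `LIST`) yield None, mirroring that only PASV and PORT traffic creates a data-connection expectation.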