ftps and iptables

Taylor, Grant gtaylor at riverviewtech.net
Thu Aug 18 21:52:31 CEST 2005


Try looking in to a reverse proxy (Squid) that support SSL.  This way your clients would FTPS to the proxy box which would in turn connect to the FTPS server behind the firewall.



Grant. . . .

Derick Anderson wrote:
> By default FTPS (FTP over SSL, not to be confused with FTP/SSH or SFTP)
> runs on port 990. It also sounds like you're using passive mode - if so
> you may need to open those ports as well. It would make sense to me
> (although I don't know) that conntrack_ftp could only track unsecured
> FTP sessions since the only indication of a port change is in the packet
> data (which would be encrypted). Someone may know better than I, though.



More information about the netfilter mailing list