[Bug 44] New: ip_conntrack_ftp / ip_nat_ftp enhancements
Thu, 06 Feb 2003 19:33:29 +0100
Summary: ip_conntrack_ftp / ip_nat_ftp enhancements
Component: connection tracking
I have a suggestion; I don't know how good it is for you/us, and if you'll accept it..., or if it exists already (I didn't find any answer for that).
All FTP connections are working fine... I have a dealer (server) who worked too, but about 2 weeks ago they changed their FTP server a bit, which caused a little pain (data port
client ip (behind a linux firewall): 192.168.5.7
firewall (linux kernel 2.4.18 - adsl pppoe): 192.168.5.1(local) 184.108.40.206
ftp server (dealer) - 220.127.116.11
* they are not real...
When the FTP client sends a PORT command (dir, retrieve), all internals work fine; the firewall starts listening on the related port, expecting 18.104.22.168:0 mask 255.255.255.255:0;
Well, what they didn't tell me was that who was actually sending data over the data port was not 22.214.171.124, but 126.96.36.199 (I found it by myself, compiling the kernel, enabling debugs, inserting my own code, trying to understand what was going on. I ).
After that I changed the code a bit, making related ports expect 188.8.131.52:0 mask 255.255.255.0:0 (all in ip_nat_ftp.c ** I didn't go deep, making it work for a while **), recompiling, inserting the module and testing. Worked fine...
What I am asking is if you could fix this for future releases (or patches), and the user could insert rules for the related IP/ports, in user space, making it more *reliable* for servers that we expect are doing this.
Thanks a lot, and I would really appreciate it if you read this and make it.
a big hug
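
The effect of the mask change described in the report, as an added example that is not part of the original report or of the netfilter code: a simplified user-space model of expectation matching against an address/port mask. The struct, the function names and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model of a conntrack expectation (not kernel code).
 * Addresses are in host byte order; a port mask of 0 means "any port",
 * as in the ":0" of the report. All names and addresses are constructed. */
struct expect {
    uint32_t src_ip, src_mask;
    uint16_t src_port, port_mask;
};

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* A connection matches when its masked source equals the masked expectation. */
static int expect_match(const struct expect *e, uint32_t ip, uint16_t port)
{
    return ((ip ^ e->src_ip) & e->src_mask) == 0 &&
           ((port ^ e->src_port) & e->port_mask) == 0;
}

/* How many distinct source addresses a given address mask admits. */
static uint64_t admitted_sources(uint32_t mask)
{
    return (uint64_t)(uint32_t)~mask + 1;
}

int main(void)
{
    struct expect strict = { IP(203,0,113,10), IP(255,255,255,255), 0, 0 };
    struct expect wide   = { IP(203,0,113,10), IP(255,255,255,0),   0, 0 };
    struct { const char *who; uint32_t ip; } src[] = {
        { "control server",       IP(203,0,113,10) },
        { "second server addr",   IP(203,0,113,20) },
        { "other host, same /24", IP(203,0,113,99) },
        { "host outside /24",     IP(198,51,100,5) },
    };
    printf("%-22s %6s %6s\n", "source", "/32", "/24");
    for (size_t i = 0; i < sizeof src / sizeof src[0]; i++)
        printf("%-22s %6d %6d\n", src[i].who,
               expect_match(&strict, src[i].ip, 20),
               expect_match(&wide, src[i].ip, 20));
    printf("addresses admitted: /32=%llu /24=%llu\n",
           (unsigned long long)admitted_sources(strict.src_mask),
           (unsigned long long)admitted_sources(wide.src_mask));
    return 0;
}
```

With the /24 mask the data connection from the second server address is accepted, and so is any other host in that /24 while the expectation is pending.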