[Firehol-support] Extending complex service FTP

Goetz Bock bock at blacknet.de
Tue Dec 16 23:38:53 CET 2003


On Wed, Dec 17 '03 at 00:12, Costa Tsaousis wrote:
> > I have http running on M1 and ftp on M2. My ftp server is setup to
> > listen on ports 2500:2520 (one port for each virtual ftp domain).
>
> The FTP service needs an FTP conntrack module, which allows the random
> socket connection made for the data transfer by the FTP server/client,
> to be matched as RELATED to the initial request. I don't think that this
> module will understand ports 2500:2520 as FTP requests, and therefore it
> will not allow either active or passive data connections RELATED to
> these ports.

Actually it can be made to:

user@box ~$ modinfo /lib/modules/2.4.23/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
filename:    /lib/modules/2.4.23/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
description: <none>
author:      <none>
license:     "GPL"
parm:        ports int array (min = 1, max = 8)
parm:        loose int
user@box ~$

so it looks like you can specify up to 8 ports where the module will try
to conntrack ftp connections. By default 21 will be used.

(You can only get 8 ports, as you can only load the module once)
-- 
Goetz Bock       (c) 2003 as     blacknet.de - Munich - Germany   /"\
IT Consultant    GNU FDL 1.1    secure mobile Linux everNETting   \ /
                                                                   X
 ASCII Ribbon Campaign against HTML email & microsoft attachments / \
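An added example, not part of Goetz's post or of the FireHOL project: a small POSIX sh helper that expands port specs in the LOW:HIGH form used in the question (or single ports), builds the modprobe line for the 2.4 ip_conntrack_ftp "ports" parameter, and refuses any list longer than the 8-port cap shown in the modinfo output above. The function names, the 1..65535 range check and the demo calls are assumptions of this example; the comma-separated value syntax for a 2.4 int-array module parameter is the standard one.

```shell
#!/bin/sh
# Added example (not from the original post or from FireHOL).
# Builds "modprobe ip_conntrack_ftp ports=..." for a 2.4 kernel, enforcing
# the "ports int array (min = 1, max = 8)" limit from modinfo. The command
# is only printed; run it as root yourself if it is what you want.

# Usage: ftp_conntrack_cmd SPEC [SPEC ...]
#   SPEC is a single port (2121) or a range (2500:2506).
# Prints the modprobe line on success, a reason on stderr and
# returns 1 when the specs are invalid or exceed 8 ports.
ftp_conntrack_cmd() {
    list=""
    n=0
    for spec in "$@"; do
        # Split "lo:hi"; a bare port is the range "p:p".
        case "$spec" in
            *:*) lo=${spec%%:*}; hi=${spec#*:} ;;
            *)   lo=$spec;       hi=$spec ;;
        esac
        for v in "$lo" "$hi"; do
            case "$v" in
                ''|*[!0-9]*) echo "bad port spec: $spec" >&2; return 1 ;;
            esac
        done
        # Assumed sanity bounds: valid TCP ports, low end not above high end.
        if [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
            echo "port spec out of range: $spec" >&2
            return 1
        fi
        p=$lo
        while [ "$p" -le "$hi" ]; do
            n=$((n + 1))
            # The module can only be loaded once, so 8 ports is the hard cap.
            if [ "$n" -gt 8 ]; then
                echo "ip_conntrack_ftp takes at most 8 ports; '$*' needs more" >&2
                return 1
            fi
            if [ -z "$list" ]; then list=$p; else list="$list,$p"; fi
            p=$((p + 1))
        done
    done
    if [ "$n" -eq 0 ]; then
        echo "no ports given" >&2
        return 1
    fi
    echo "modprobe ip_conntrack_ftp ports=$list"
}

# Demo (constructed): 21 plus seven virtual-host ports fits exactly ...
ftp_conntrack_cmd 21 2500:2506
# ... but the full 2500:2520 range from the question is 21 ports and is refused.
ftp_conntrack_cmd 2500:2520 || echo "refused, as expected"
```

Because the module is loaded once and takes at most 8 entries, a 2500:2520 listener (21 ports) cannot be fully covered this way; the helper makes that failure explicit instead of silently truncating the list. Whatever ports you do pass still need the usual RELATED,ESTABLISHED accept rule in the firewall for the data connections to get through.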