[Firehol-support] ftp passiveports
Costa Tsaousis
costa at tsaousis.gr
Fri Feb 4 19:41:19 GMT 2005
Hi,
FireHOL automatically selects (for passive FTP):
1. DEFAULT_CLIENT_PORTS (by default set to 1024:65535) if the ports used
refer to a remote host.
2. LOCAL_CLIENT_PORTS (probed by kernel config, most Linux kernels set
this to 32768:65000) if the ports used refer to a local host.
In all cases, FireHOL allows passive FTP with state RELATED, meaning
that the iptables connection tracker has successfully intercepted a
passive ftp connection.
As of v1.226, you cannot change this behaviour. You can of course overload
the service definition. Check the manual for this.
Costa
> In proftpd.conf I insert the line
> PassivePorts 25400 29999
> then firehol doesn't allow passive ftp-transfer from a client.
>
> Active mode is working OK.
>
> When I skip the line PassivePorts 25400 29999 in proftpd.conf then passive
> mode is working fine.
>
> The ftp-server is invoked via xinetd
>
> Are there any firehol parameters to set up which ports are passive ftp
> ports?
>
> regards, Klavs
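As an added illustration (not part of this thread), a FireHOL config fragment that keeps the conntrack-based ftp service and additionally declares the proftpd PassivePorts range as a custom service. It assumes the custom-service variables (server_NAME_ports / client_NAME_ports) described in the FireHOL manual; the service name ftp_pasv and the interface eth0 are placeholders.

```firehol
# Added example, not from the thread: statically open proftpd's
# PassivePorts range next to the regular ftp service.
# Assumes server_NAME_ports / client_NAME_ports custom services from the
# FireHOL manual; "ftp_pasv" and "eth0" are placeholder names.

version 5

# Custom service matching "PassivePorts 25400 29999" in proftpd.conf.
# "default" expands to DEFAULT_CLIENT_PORTS (1024:65535) for a remote client.
server_ftp_pasv_ports="tcp/25400:29999"
client_ftp_pasv_ports="default"

interface eth0 internet
    policy drop
    protection strong

    # Control channel; data channels are admitted via conntrack state RELATED
    server ftp accept

    # Fallback: admit the passive data range itself, for the case where the
    # FTP connection-tracking helper did not mark the data connection RELATED
    server ftp_pasv accept

    client all accept
```

Note that `server ftp_pasv accept` admits any TCP connection to 25400:29999 regardless of whether an FTP control session exists, so it is broader than the RELATED match and should be dropped again once conntrack is confirmed to see the passive connections.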