[Firehol-support] ftp on non-standard port

Daniel Pittman daniel at rimspace.net
Thu Nov 13 00:59:42 CET 2008


"Andreas Unterkircher" <unki at netshadow.at> writes:

> FTP-Server on a non-standard port - anyone got this working with
> firehol?  The remote FTP server has its control channel on a
> non-standard port - 7777/tcp.

[...]

> While connecting to the control channel works perfectly, the data
> channel cannot be established. But it seems that those packets are
> never passing to the necessary RELATED rules in iptables (at least the
> counters remain at zero).

Correct: nf_conntrack_ftp checks only ports that are *normally* used for
FTP control channels, not all ports, since otherwise an email with the
right string in could open random ports. ;)

] modinfo nf_conntrack_ftp
filename:       /lib/modules/2.6.24-21-openvz/kernel/net/netfilter/nf_conntrack_ftp.ko
alias:          ip_conntrack_ftp
description:    ftp connection tracking helper
author:         Rusty Russell <rusty at rustcorp.com.au>
license:        GPL
srcversion:     AC4DD50FA6E9074CE736B2F
depends:        nf_conntrack
vermagic:       2.6.24-21-openvz SMP mod_unload
parm:           ports:array of ushort
parm:           loose:bool

You want to modify the 'ports' value when the module is loaded;
configure that the way you would any module parameter on your
distribution.

Regards,
        Daniel
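
Added example (not part of the original message and not FireHOL's own code): a shell check of whether the helper's 'ports' parameter described above covers a given control port, read from modprobe configuration and, when readable, from the loaded module. The /etc/modprobe.d location, the sysfs path and the function names are assumptions for illustration; the sample config line is constructed.

```shell
#!/bin/sh
# Added example. Assumed paths: modprobe config in /etc/modprobe.d (varies by
# distribution); live value of the loaded module exposed to root in sysfs.
LIVE=/sys/module/nf_conntrack_ftp/parameters/ports

# Ports set by "options nf_conntrack_ftp ports=..." lines in directory $1,
# one per line. Prints nothing when no such option exists.
configured_ftp_ports() {
    cat "$1"/*.conf 2>/dev/null | awk '
        $1 == "options" && ($2 == "nf_conntrack_ftp" || $2 == "ip_conntrack_ftp") {
            for (i = 3; i <= NF; i++)
                if (sub(/^ports=/, "", $i)) {
                    n = split($i, p, ",")
                    for (j = 1; j <= n; j++)
                        if (p[j] ~ /^[0-9]+$/) print p[j]
                }
        }'
}

# Succeed if port $1 is in the comma- or newline-separated list $2.
port_in_list() {
    printf '%s\n' "$2" | tr ',' '\n' | grep -qxF -- "$1"
}

# Report whether the helper inspects control connections on port $1.
# $2 is the config directory (default /etc/modprobe.d).
check_ftp_port() {
    want=$1
    conf=$(configured_ftp_ports "${2:-/etc/modprobe.d}")
    # With no ports= option the module uses its built-in default, port 21.
    [ -n "$conf" ] || conf=21
    if port_in_list "$want" "$conf"; then
        echo "config: port $want is listed"
    else
        echo "config: port $want is NOT listed (have: $(echo $conf | tr ' ' ','))"
    fi
    # The live value changes only when the module is loaded again.
    [ -r "$LIVE" ] || return 0
    port_in_list "$want" "$(cat "$LIVE")" && echo "live: port $want is tracked" ||
        echo "live: port $want is not tracked until the module is reloaded"
}

# Constructed sample: ports= replaces the default list, so 21 is kept
# explicitly next to 7777 rather than opening the helper to every port.
demo=$(mktemp -d)
echo 'options nf_conntrack_ftp ports=21,7777' > "$demo/nf_conntrack_ftp.conf"
check_ftp_port 7777 "$demo"
rm -rf "$demo"
```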




