I hope you installed MASQ and are masquerading all of the computers.

CuteFTP, 3DFTP and almost all FTP clients (including the browser) work with
masq properly IF you've loaded the ip_masq_ftp module.

The ports you "left" open will interfere with Masq working with other
applications as well.

Make sure you load ALL of the Masq modules...

I.E.

/sbin/depmod -a
/sbin/modprobe ip_masq_autofw
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_mfw
/sbin/modprobe ip_masq_portfw
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_user
/sbin/modprobe ip_masq_vdolive
/sbin/modprobe ip_masq_icq
/sbin/modprobe ip_masq_h323
/sbin/modprobe ip_masq_pptp
/sbin/modprobe ip_masq_ipsec
/sbin/modprobe ip_gre
/sbin/modprobe ipip
/sbin/modprobe rarp

And have properly set up masq...

Remember that you -MUST- turn on routing in Linuxconf (or manually), even
though the first thing your firewall rules should do is deny routing!

Then try a simple MASQ setup...

I.E.


/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 10.0.0.0/8 -d 0.0.0.0/0

And check to see how FTP works with this.

-JMS

|-----Original Message-----
|From: turgut kalfaoglu [mailto:[EMAIL PROTECTED]]
|Sent: Wednesday, July 05, 2000 8:07 AM
|To: [EMAIL PROTECTED]
|Subject: [expert] best way to firewall FTP?
|
|
|-----BEGIN PGP SIGNED MESSAGE-----
|
|I recently installed my first firewall at a customer's site
|running Mandrake 7.1..
|
|It was a classic setup, and I wish I had more examples than the
|HOWTO manuals.
|
|The Linux PC has two ethernet cards, one hooked up to the internet,
|the other, to their local network.
|
|Local network wants to use FTP, naturally.. Both via browsers, via
|"cute things"
|like GetRight, or just via their web browsers. I was forced to leave open
|a large hole, like ports 1024 -> 5999 and 6010: .. Is there a
|better way, short
|of installing Squid (the machine doesn't have the horsepower for squid)..
|
|Thanks, -turgut
|
|- --
|[EMAIL PROTECTED]      - Put "Send PGP" in Subject to obtain my
|PGP signature.
|Find-It! Web Search Engine:  http://find.egenet.com.tr
|http://bbsturk.bbs.tr
|
|
|
|Windows Error 01C: Uncertainty error. Uncertainty may be inadequate.
|
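
Added example (not from the original thread, and not the ip_masq_ftp module's own code): a Python sketch of why an FTP helper on the masquerading box removes the need to leave ports 1024-5999 open. It models a NAT helper that rewrites an active-mode PORT command on the control channel and then admits only the one data connection that command announced. The public address 192.0.2.1, the starting port 61000 and the name FtpNatHelper are assumptions chosen for the sketch.

```python
import re

# Active-mode FTP: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control
# channel, and the server then connects back to h1.h2.h3.h4 port p1*256+p2.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


class FtpNatHelper:
    """Toy model of a NAT helper watching FTP control traffic (hypothetical)."""

    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip    # firewall's outside address (assumed)
        self.next_port = first_port   # next public port to hand out (assumed)
        self.expected = {}            # public port -> (internal ip, internal port)

    def rewrite(self, src_ip, line):
        """Return the control-channel line as it should leave the firewall."""
        m = PORT_RE.match(line)
        if not m:
            return line               # not a PORT command: pass through
        nums = [int(g) for g in m.groups()]
        inner_ip = ".".join(map(str, nums[:4]))
        # Only honour a well-formed PORT that names the sender's own address;
        # anything else goes out untouched and opens nothing on the firewall.
        if max(nums) > 255 or inner_ip != src_ip:
            return line
        inner_port = nums[4] * 256 + nums[5]
        pub_port = self.next_port
        self.next_port += 1
        # One expected inbound connection instead of a standing port range.
        self.expected[pub_port] = (inner_ip, inner_port)
        fields = self.public_ip.split(".") + [str(pub_port >> 8), str(pub_port & 0xFF)]
        return b"PORT " + ",".join(fields).encode() + b"\r\n"

    def inbound(self, dst_port):
        """Map an inbound data connection to its client; None means drop."""
        return self.expected.pop(dst_port, None)
```

The mapping is consumed on first use, so a second connection to the same public port is dropped just like one to a port no client ever announced.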
