On Wed, 2003-03-19 at 07:13, Tru64 User wrote:
> Hi,
>
> Struggling to set up an anonymous ftp site on a server
> running iptables.
>
> Have no idea what ports to let open for clients coming
> from all different backgrounds.
>
> By turning off firewall, and monitoring connections, I
> have seen ftp-data on 1471, 1472 and other connections
> on 37025 or 18002 and 18003
>
> Any magical ways of dealing with this?
> Mandy 8.2 proftpd-1.2.5rc1 and iptables 1.2.5
>
> Thanks
>
> Richard

FTP is an ugly ugly protocol. It requires stateful inspection to work worth a damn behind a firewall. You'll be wanting the ftp masquerade module to implement that stateful inspection.

Most firewall scripts will automate setting this sort of thing up for you, and it's a little easier than using your own iptables scripts. See shorewall, gshield, firestarter, &c.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
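
An added illustration, not part of the original messages or of any project named in them: a simplified Python model of the stateful inspection described above, showing why the data ports in the question vary and how a tracker derives each one from the control channel instead of from a fixed port list. The class and function names are hypothetical, the sample lines are constructed, and the same-address check is a design choice of this sketch.

```python
import re

# "h1,h2,h3,h4,p1,p2" as carried by the PORT command and the 227 (PASV) reply
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_data_endpoint(line):
    """Return the (ip, port) announced on the control channel, or None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = _HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed field: create no expectation
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpTracker:
    """Toy model of an FTP connection-tracking helper (hypothetical class)."""
    def __init__(self):
        self.expected = set()  # announced data endpoints not yet used

    def control_line(self, sender_ip, line):
        endpoint = parse_data_endpoint(line)
        # Design choice of this sketch: only accept an endpoint on the sender's own address.
        if endpoint is None or endpoint[0] != sender_ip:
            return None
        self.expected.add(endpoint)
        return endpoint

    def classify(self, dst_ip, dst_port):
        """RELATED if announced on the control channel, otherwise NEW."""
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))  # one-shot expectation
            return "RELATED"
        return "NEW"

# Constructed control-channel lines (documentation addresses); ports as in the question.
SAMPLE = [
    ("192.0.2.10", "227 Entering Passive Mode (192,0,2,10,70,82)"),  # port 18002
    ("198.51.100.7", "PORT 198,51,100,7,5,191"),                     # port 1471
    ("198.51.100.7", "PORT 192,0,2,99,144,161"),                     # third-party address
]

def demo():
    t = FtpTracker()
    for sender, line in SAMPLE:
        t.control_line(sender, line)
    return [t.classify("192.0.2.10", 18002), t.classify("198.51.100.7", 1471),
            t.classify("192.0.2.10", 18003), t.classify("192.0.2.99", 37025)]
```

Only the two announced endpoints are classified as RELATED; the unannounced port 18003 and the endpoint announced for a third-party address stay NEW, so a default-deny policy would drop them.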