Setting the directive below in proftpd.conf and
allowing similar ports to get through iptables seems to
have solved the problem.

PassivePorts 60000 65535

Iptables settings:
-A INCOM-Rules -d ip_of_server -p tcp -m tcp --dport 60000:65000 -j ACCEPT

_Thanks Much

Richard 

--- Jack Coates <[EMAIL PROTECTED]> wrote:
> On Wed, 2003-03-19 at 07:13, Tru64 User wrote:
> > Hi, 
> > 
> > Struggling to set up an anonymous ftp site on a server
> > running iptables.
> > 
> > Have no idea what ports to let open for clients coming
> > from all different backgrounds.
> > 
> > By turning off firewall, and monitoring connections, I
> > have seen ftp-data on 1471, 1472 and other connections
> > on 37025 or 18002 and 18003
> > 
> > Any magical ways of dealing with this? 
> > Mandy 8.2 proftpd-1.2.5rc1 and iptables 1.2.5
> > 
> > _Thanks
> > 
> > Richard
> 
> FTP is an ugly ugly protocol. It requires stateful inspection to work
> worth a damn behind a firewall. You'll be wanting the ftp masquerade
> module to implement that stateful inspection.
> 
> Most firewall scripts will automate setting this sort of thing up for
> you, and it's a little easier than using your own iptables scripts. See
> shorewall, gshield, firestarter, &c.
> -- 
> Jack Coates
> Monkeynoodle: A Scientific Venture...
> 
> 
> > Want to buy your Pack or Services from MandrakeSoft?
> 
> Go to http://www.mandrakestore.com
> 
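A check that the passive range configured in proftpd.conf is fully covered by the firewall's ACCEPT rules, as an added example that is not part of the original thread. The function names are hypothetical, the two inputs are constructed from the values posted above, and the parser only understands simple `-p tcp ... --dport ... -j ACCEPT` rules (it ignores rule order, negation and multiport matches).

```python
import re

# Constructed inputs, using the directive and the rule posted in the message above.
PROFTPD_CONF = "PassivePorts 60000 65535\n"
IPTABLES_RULES = ("-A INCOM-Rules -d ip_of_server -p tcp -m tcp "
                  "--dport 60000:65000 -j ACCEPT\n")

def passive_range(conf_text):
    """Return (low, high) from the last PassivePorts directive, or None."""
    found = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(?i)PassivePorts\s+(\d+)\s+(\d+)$", line)
        if m:
            found = (int(m.group(1)), int(m.group(2)))
    return found

def _opt(tokens, flag):
    """Value following an option flag, or None when the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def accepted_tcp_ranges(rules_text):
    """Inclusive destination-port ranges of TCP rules that jump to ACCEPT."""
    ranges = []
    for line in rules_text.splitlines():
        tokens = line.split()
        spec = _opt(tokens, "--dport")
        if spec is None or _opt(tokens, "-p") != "tcp" or _opt(tokens, "-j") != "ACCEPT":
            continue
        lo, sep, hi = spec.partition(":")             # "N", "N:M", "N:" or ":M"
        low = int(lo) if lo else 0
        high = int(hi) if hi else (65535 if sep else low)
        ranges.append((low, high))
    return ranges

def uncovered(passive, accepted):
    """Sub-ranges of the passive range that no ACCEPT rule lets through."""
    low, high = passive
    gaps, cursor = [], low
    for a, b in sorted(accepted):
        if b < cursor or a > high:
            continue                                   # no overlap with what is left
        if a > cursor:
            gaps.append((cursor, a - 1))
        cursor = max(cursor, b + 1)
    if cursor <= high:
        gaps.append((cursor, high))
    return gaps

if __name__ == "__main__":
    for lo, hi in uncovered(passive_range(PROFTPD_CONF), accepted_tcp_ranges(IPTABLES_RULES)):
        print(f"passive ports {lo}-{hi} are not accepted by the firewall")
```

With the posted values it reports 65001-65535: the server may hand out a passive port in that span that the quoted rule does not accept.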

