Hi,
I'm building an Internet Firewall and I have a
problem with FTP filtering.
I've a router between my DMZ and my internal
network. This router is a linux box running ipfwadm.
I allow FTP connections in passive mode between
my DMZ and my internal network.
I know that:
- data channel is established by ftp client from
port above 1023 to port above 1023 on ftp server.
- the server answers to a
port above 1023 with the ACK bit set to 1.
Am I wrong?
The problem happens when I activate filtering with the ACK bit on the data channel:
there's no connection.
But without the ACK bit set, the connection is
established.
Please, can you give me some clues?
Regards, Tarkan.
- ACK bit in a passive mode FTP connection Tarkan Hocaoglu
