On Fri, 12 Jul 2002, SB CH wrote:

> I would like to forward ftp requests to another port on another server to improve 
> the security. Is it possible?

The added protection is not that big. (If your ftp server is broken it 
will take just a little longer to be broken into.)

> for example,
> I would like to forward ftp requests using port 26 to 211.1.1.1 port 100 or
> the same port (26).
> So, I configured it like this (xinetd.conf), but this does not work.
> 
> service ftp-proxy
> {
>         flags       = REUSE
>         socket_type = stream
>         protocol    = tcp
>         wait        = no
>         user        = root
>         groups      = yes
>         server      = /usr/sbin/tcpd
>         redirect    = 211.1.1.1 26
> }
> 
> Surely, any service which uses just one port works well, 
> but FTP uses two ports, as you know.

Rewrite the FTP protocol. You need to be able to handle the specific 
nature of FTP traffic and that will not work with just a port redirector.

BTW: There is no practical reason to use ftp for just about anything that 
cannot be solved by other protocols like SSH (encryption) or http 
(simpler from a network point of view).

Hugo.

-- 
All email sent to me is bound to the rules described on my homepage.
    [EMAIL PROTECTED]            http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.
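
Added example, not part of the original message and not xinetd code: a sketch of the control-channel handling that an FTP-aware proxy needs and a plain port redirector lacks. The backend address 211.1.1.1 is the one from the thread; the proxy address 192.0.2.10, the client addresses and all function names are constructed for illustration.

```python
import re

# PORT commands and 227 (PASV) replies carry an endpoint as h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) found in a PORT command or 227 reply, or None if absent/invalid."""
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def encode_hostport(ip, port):
    """Encode (ip, port) back into the h1,h2,h3,h4,p1,p2 form."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def rewrite_pasv_reply(line, proxy_ip, proxy_port):
    """Rewrite the backend's 227 reply so the client opens its data connection
    to the proxy. Returns (line_for_client, backend_endpoint_or_None); the proxy
    must then relay its data listener to backend_endpoint."""
    if not line.startswith("227 "):
        return line, None            # other replies pass through untouched
    backend = parse_hostport(line)
    if backend is None:
        return line, None
    return _HOSTPORT.sub(encode_hostport(proxy_ip, proxy_port), line, count=1), backend

def port_command_allowed(line, control_peer_ip):
    """Active mode: accept PORT only if it names the control connection's own
    peer address and an unprivileged port, so the backend cannot be steered
    into connecting to a third host."""
    target = parse_hostport(line) if line.upper().startswith("PORT ") else None
    return target is not None and target[0] == control_peer_ip and target[1] >= 1024

if __name__ == "__main__":
    # Constructed sample reply from the backend at 211.1.1.1
    reply = "227 Entering Passive Mode (211,1,1,1,19,137)"
    print(rewrite_pasv_reply(reply, "192.0.2.10", 40000))
    print(port_command_allowed("PORT 198,51,100,7,4,1", "198.51.100.7"))
```

A redirector that forwards only the control port passes the 227 reply through unchanged, so the client tries to open its data connection directly to the backend address and port named in it, which the redirect does not cover.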
