On 1999-03-16T14:46:33,
"Nicholas J. Leon" <[EMAIL PROTECTED]> said:
> So, you have to open up all ports > 1024 on your ftp server incoming from
> the outside? Just to support PASV. Of course, with normal connection, at
> least you can open them up only to ftp-data sourced packets.
That's basically right. To solve this, you need a real firewall (which examines
the ftp connection and only opens the required paths) and not a mere packet
filter.
I am still looking for the perfect stable firewall addon to Linux 2.2 ;-)
I guess a stupid ftp protocol parser could be linked into ipchains usermode
hooks and then dynamically modify the firewall rules? Problem is that it needs
to keep track of the connection itself.
Sincerely,
Lars Marowsky-Brée
--
Lars Marowsky-Brée
Network Management
teuto.net Netzdienste GmbH - DPN Verbund-Partner
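
Added example, not part of the original message and not ipchains code: a sketch of the control-connection parser the message describes, which reads RFC 959 `PORT` commands and `227` replies and opens a one-shot pinhole for exactly the announced data endpoint. The class and method names are hypothetical, the addresses are constructed documentation-range values, and it assumes no NAT between client and server.

```python
import re

# RFC 959 host-port notation h1,h2,h3,h4,p1,p2, used by PORT and the 227 reply.
_HP = r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
_PASV_REPLY = re.compile(r"^227 .*?" + _HP)
_PORT_CMD = re.compile(r"^PORT +" + _HP + r"$", re.IGNORECASE)


def _endpoint(match):
    """Turn a regex match into (ip, port), or None if any field exceeds 255."""
    if match is None:
        return None
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


class FtpControlTracker:
    """State for one control connection (hypothetical class, not an ipchains API)."""

    def __init__(self, client_ip, server_ip):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.pending = set()  # (src, dst, dport) pinholes announced but not yet used

    def _open(self, src, expected_dst, ep):
        # Refuse endpoints naming a third host (FTP bounce) or a privileged port.
        if ep is None or ep[0] != expected_dst or ep[1] < 1024:
            return None
        rule = (src, ep[0], ep[1])
        self.pending.add(rule)
        return rule

    def on_server_line(self, line):
        """227 reply: the client will connect to the server's announced port."""
        return self._open(self.client_ip, self.server_ip,
                          _endpoint(_PASV_REPLY.match(line.strip())))

    def on_client_line(self, line):
        """PORT command: the server will connect back to the client's port."""
        return self._open(self.server_ip, self.client_ip,
                          _endpoint(_PORT_CMD.match(line.strip())))

    def allow_data_syn(self, src, dst, dport):
        """Permit exactly one data connection per announced endpoint."""
        rule = (src, dst, dport)
        if rule in self.pending:
            self.pending.remove(rule)
            return True
        return False
```

The tuple returned by `on_server_line` / `on_client_line` is what a packet filter would be told to accept; everything above port 1024 that was never announced on the control channel stays closed.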