Quoth Joel Hammer:
> I want to be able to ftp to a linux box behind a firewall linux box from
> the outside. I need to configure the ftp server and the firewall.
>
> I assume, since the "outside" client is also behind a firewall, I may be
> using passive mode for the transfer. I am using ipchains and ipmasqadm. I
> am running an ftp server on the firewall linux box, too. This ftp server
> on the firewall box is using ports 20 and 21.
>
> In the active transfer mode, it seems straightforward to have the
> outside client ftp to a special command port, say port 27 instead of
> 21. I can set up the firewall linux box to send all requests on port 27
> to my ftp server behind the firewall to the usual command port. But,
> here is where I need help. How do I tell the client what the data
> port is on the server? Does the ftp server send the data port back as a
> data packet, or does the ftp client assume the data port number is the
> port on the server making the connection to the client's data port? Could
> ipmasqadm simply switch outgoing port numbers?

I would think which ports to use are part of the protocol negotiation.

> The second question is for passive mode. Here, the ftp server sends back the
> temporary port to use for data transfers. There is supposed to be a way to
> restrict which ports are sent back by the server. However, the method
> suggested is changing an include file and, I suppose, recompiling the ftp
> daemon. Is there a configuration file which would do this?
> Could I just edit the binary file, assuming I could find the current port
> ranges in the binary file? Sounds hard, since it will be numbers, not
> strings.

This depends on the underlying FTP server. ProFTPd uses

    PassivePorts min-port-num max-port-num

to specify a range of ports to be used for ftp-data. WU-FTPd uses

    passive ports <cidr> <min> <max>

IP addresses matching <cidr> use <min> <= port <= <max>. See also the
pasv-allow directive for WU-FTPd.

Kurt
--
The greatest dangers to liberty lurk in insidious encroachment by men
of zeal, well-meaning but without understanding.
        -- Justice Louis D. Brandeis
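
The negotiation discussed in this thread, as an added example that is not part of either poster's message: in FTP (RFC 959) the data endpoint is sent as text on the control connection, as six decimal bytes h1,h2,h3,h4,p1,p2 in the client's PORT command or the server's 227 reply. The sketch decodes such a line and checks a 227 reply against a forwarded passive range; the range, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as decimal bytes; lookarounds stop partial digit matches.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or 227 reply, else None."""
    line = line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    # Skip the leading verb or reply code so it is never read as an octet.
    match = _HOSTPORT.search(line[4:])
    if match is None:
        return None
    nums = [int(group) for group in match.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The port is split into a high byte (p1) and a low byte (p2).
    return ip, nums[4] * 256 + nums[5]


def check_pasv_reply(line, min_port, max_port, public_ip):
    """List what would stop an outside client from reaching the data port."""
    parsed = parse_hostport(line) if line.strip().startswith("227 ") else None
    if parsed is None:
        return ["not a 227 reply"]
    ip, port = parsed
    problems = []
    if not min_port <= port <= max_port:
        problems.append(f"port {port} outside forwarded range {min_port}-{max_port}")
    if ip != ipaddress.IPv4Address(public_ip):
        problems.append(f"advertises {ip}, but clients connect to {public_ip}")
    return problems


if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.5 stands in for the firewall's address.
    for reply in ("227 Entering Passive Mode (192,168,1,10,195,80)",
                  "227 Entering Passive Mode (203,0,113,5,128,10)",
                  "227 Entering Passive Mode (203,0,113,5,195,90)"):
        print(reply, "->", check_pasv_reply(reply, 50000, 50100, "203.0.113.5") or "ok")
```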