Quoth Joel Hammer:
> I want to be able to ftp to a linux box behind a firewall linux box from
> the outside. I need to configure the ftp server and the firewall.
> 
> I assume, since the "outside" client is also behind a firewall, I may be
> using passive mode for the transfer. I am using ipchains and ipmasqadm. I
> am running an ftp server on the firewall linux box, too. This ftp server
> on the firewall box is using ports 20 and 21.
> 
> In the active transfer mode, it seems straightforward to have the
> outside client ftp to a special command port, say port 27 instead of
> 21. I can set up the firewall linux box to send all requests on port 27
> to my ftp server behind the firewall to the usual command port.  But,
> here is where I need help. How do I tell the client what the data
> port is on the server? Does the ftp server send the data port back as a
> data packet, or does the ftp client assume the data port number is the
> port on the server making the connection to the client's data port? Could
> ipmasqadm simply switch outgoing port numbers?

I would think which ports to use are part of the protocol negotiation.

> The second question is for passive mode. Here, the ftp server sends back the
> temporary port to use for data transfers. There is supposed to be a way to
> restrict which ports are sent back by the server. However, the method
> suggested is changing an include file and, I suppose, recompiling the ftp
> daemon. Is there a configuration file which would do this?
> Could I just edit the binary file, assuming I could find the current port
> ranges in the binary file? Sounds hard, since it will be numbers, not
> strings. 

This depends on the underlying FTP server. ProFTPd uses

        PassivePorts min-port-num max-port-num

to specify a range of ports to be used for ftp-data.

WU-FTPd uses

        passive ports <cidr> <min> <max>

IP addresses matching <cidr> use <min> <= port <= <max>. See also
the pasv-allow directive for WU-FTPd.

Kurt
-- 
The greatest dangers to liberty lurk in insidious encroachment by men
of zeal, well-meaning but without understanding.
                -- Justice Louis D. Brandeis
_______________________________________________
Linux-users mailing list
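
Both questions in this thread turn on where the data port appears on the control channel: in active mode the client sends it in a PORT command, in passive mode the server returns it in the 227 reply, each as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2 (RFC 959). The sketch below is an added example, not part of the original message or of either FTP daemon; the addresses, sample lines and the 49152-49200 range are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 PASV reply (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    verb = line.split(None, 1)[0].upper() if line.strip() else ""
    if verb not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]

def check_pasv(reply, public_ip, min_port, max_port):
    """Compare a 227 reply with what the firewall is set up to forward."""
    parsed = parse_hostport(reply)
    if parsed is None:
        return "unparseable"
    ip, port = parsed
    if ip != public_ip:
        # A server behind masquerading may advertise its private address,
        # which an outside client cannot reach.
        return "address-mismatch"
    if not (min_port <= port <= max_port):
        # Port was not taken from the configured passive range, so the
        # firewall has no forwarding rule for it.
        return "port-outside-range"
    return "ok"

# Constructed control-channel lines; 192.0.2.10 stands in for the firewall's
# public address and 49152-49200 for the forwarded passive range.
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,192,10).",
    "227 Entering Passive Mode (192,168,1,5,200,0).",
    "227 Entering Passive Mode (192,0,2,10,4,1).",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_pasv(s, "192.0.2.10", 49152, 49200), "<-", s)
```

The range given to `check_pasv` should be the same one set in the server's passive-port directive and forwarded by the firewall.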