[ale] Linux 2.2.19 IPCHAINS Firewall + FTP woes

J.M. Taylor jtaylor at onlinea.com
Wed Jul 16 16:43:54 EDT 2003


If I remember correctly, passive FTP is going to be nigh on impossible
with IP Chains, or rather, without connection tracking.  You're looking at
unblocking many high ports to allow FTP to bump you up to a high numbered
data port...afaik, it just isn't going to work out very well.

I *think* if you do active FTP it's 20 for the data port and 21 for the
connection but I've not actually ever set up anything that way. :|

I really hope someone else can be more helpful...when I was getting
started with ipchains the solution was to only protect ports 1024 and
below, or to not allow FTP, which is no kind of solution at all.

Good luck,
jenn

Nathan J. Underwood said:
> An associate has a linux firewall running RH Linux (kernel 2.2.19),
> ipchains 1.3.9 to protect a small firm (~5 users).  This has worked well
> in the past, but now he needs to put a FTP server behind it (currently
> has webserver, and mail server behind it).  It's been a very long time
> since I've worked with the 2.2.x kernel, and an ipchains firewall for
> that matter, but I definitely remember losing some hair over trying to
> get FTP to work from behind it.  We can get to the box, and log into the
> FTP server, but we are unable to get a directory listing.  I have
> verified that ip_masq_ftp is loaded, but lsmod reports that it's unused
> (see below).  Any ideas?  What am I missing?  Many thanks
>
>
> lsmod
> Module                  Size  Used by
> ip_masq_ftp             3740   0  (unused)
> ip_masq_portfw          2656  48
>
>
> --
> Nathan J. Underwood
> nathan at cybertechcafe.net
> http://www.cybertechcafe.net
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

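As an added illustration (constructed here, not code or configuration from either poster), a small Python model of a stateless, ipchains-style filter in front of an FTP server. It shows why the active-mode data connection (server port 20 dialling out) passes while a passive-mode connection to an arbitrary high port is denied, which is what a failed directory listing after a successful login looks like, and how pinning the server's passive port range to a small, explicitly opened window avoids unblocking everything above 1024. The rules and port numbers are assumptions for the demonstration.

```python
"""Stateless (ipchains-style) packet filter model in front of an FTP server.
Constructed example: rules and ports are illustrative, not a real ruleset."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = Internet toward the server, "out" = server toward Internet
    sport: int
    dport: int
    syn_only: bool   # True for a connection-opening SYN, like ipchains' -y match

# Rule: (direction, sport range, dport range, syn_only match or None, verdict).
# First match wins, as in an ipchains chain; anything unmatched is DENY.
def make_rules(passive_range=None):
    rules = [
        ("in",  (1024, 65535), (21, 21),       None,  "ACCEPT"),  # FTP control in
        ("out", (21, 21),      (1024, 65535),  False, "ACCEPT"),  # control replies out
        ("out", (20, 20),      (1024, 65535),  None,  "ACCEPT"),  # active data: server dials client
        ("in",  (1024, 65535), (20, 20),       False, "ACCEPT"),  # replies to active data (no SYN)
    ]
    if passive_range:                     # only a pinned PASV window is opened inbound
        lo, hi = passive_range
        rules.append(("in", (1024, 65535), (lo, hi), None, "ACCEPT"))
    return rules

def verdict(rules, pkt):
    for direction, sp, dp, syn, action in rules:
        if direction != pkt.direction:
            continue
        if not (sp[0] <= pkt.sport <= sp[1] and dp[0] <= pkt.dport <= dp[1]):
            continue
        if syn is not None and syn != pkt.syn_only:
            continue
        return action
    return "DENY"

def data_connection_allowed(rules, mode, client_port=40000, pasv_port=51000):
    """Can the FTP data connection open? mode is 'active' or 'passive'."""
    if mode == "active":
        pkt = Packet("out", 20, client_port, True)        # server -> client from port 20
    else:
        pkt = Packet("in", client_port, pasv_port, True)  # client -> server's PASV port
    return verdict(rules, pkt) == "ACCEPT"

if __name__ == "__main__":
    base = make_rules()
    print("active data :", data_connection_allowed(base, "active"))      # True
    print("passive data:", data_connection_allowed(base, "passive"))     # False
    pinned = make_rules(passive_range=(50000, 51000))
    print("passive, pinned range:", data_connection_allowed(pinned, "passive"))  # True
```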