[Gllug] ftp / iptables

Paul Brazier pbrazier at cosmos-uk.co.uk
Wed Oct 31 10:13:50 UTC 2001


> normally you do get notified if you try to do something without the
> required mode ... BUT I /think/ that it doesn't quite work that way in
> this case
> 
> AIUI ftp conntrack adds ftp connections to the list of RELATED, if you
> don't have ftp-conntrack inserted there is no error but ftp connections
> don't appear in the related table.
> 
> I could well be wrong about the above ...
> 
> anyway `lsmod | grep ftp` should tell you if the module is currently
> inserted

You were spot on here, Mandrake had all the iptables modules loaded
*except* ip_conntrack_ftp plus a few other ftp-related ones, and these
*aren't* loaded automatically when needed. Now I can list directories
over ftp through the firewall.

Proftpd seemed to stop doing DNS lookups for some reason but I added a
"ReverseDNSLookup off" to /etc/proftpd.conf just in case.
"IdentLookups off" didn't seem to work, for some reason the client was
trying to connect from its port 113 to a high port on the server (I
thought it should be the other way round). The only way I could stop the
delay was to set the firewall to allow all connections from source port
113 to *any* destination port on the server which isn't ideal.

I'm using the proftp client and running proftpd through xinetd - not
sure if this is relevant.





-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
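The point made in this thread, that a missing ip_conntrack_ftp produces no error and simply leaves FTP data connections out of RELATED, as an added example that is not part of the original post: a check of the loaded-module list that gates a stateful rule set. The function names, the FORWARD chain with a DROP policy, the server address 192.0.2.10 and the sample module list are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Newer kernels name the helper
# nf_conntrack_ftp; override HELPER to match the running kernel.
HELPER=${HELPER:-ip_conntrack_ftp}

# Constructed sample in /proc/modules layout (module name in field 1).
SAMPLE_MODULES='ip_tables 11072 3 iptable_filter
ip_conntrack 15824 1 ipt_state
ipt_state 1216 2 -
iptable_filter 2048 1 -'

# Read a module list on stdin and print each wanted module that is absent.
# Exit status is 0 only when nothing is missing.
missing_helpers() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        { loaded[$1] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in loaded)) { print w[i]; miss = 1 }
            exit miss + 0
        }'
}

# Print stateful rules for a firewall in front of the FTP server ($1).
# Assumes the FORWARD policy is DROP. RELATED matches FTP data connections
# only while the helper is loaded; ESTABLISHED matches the replies to the
# server's own ident queries, which arrive with source port 113.
ftp_rules() {
    srv=$1
    cat <<EOF
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -d $srv --dport 21 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -s $srv --dport 113 -m state --state NEW -j ACCEPT
EOF
}

# Module list on stdin, server address in $1. Emit the rules only when the
# helper is loaded; otherwise print the modprobe command and fail.
plan() {
    if missing=$(missing_helpers "$HELPER"); then
        ftp_rules "$1"
    else
        echo "modprobe $missing"
        return 1
    fi
}

# Live use: sh thisfile --live 192.0.2.10
if [ "${1:-}" = "--live" ]; then plan "${2:?server address}" < /proc/modules; fi
```

The printed rules are text only; nothing is applied to the running firewall until the output is reviewed and executed.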



