Hi!
I want to use active-ftp with some clients behind my gateway-pc (ipchains-masquerading)... (passive ftp works) How do I configure my ipchains-firewall to allow this?
I hope someone can help me...
PS> Deconfigure all passive ftp components and open your firewall for PS> tcp/20,21,1024:
That didn't work for me... I have "allow-all-rules" for input, ouput and forward and I didn't deny tcp/20,21,1024...
I have just deny-rules for some ports and one forwarding rule: ipchains -A forward -s 0.0.0.0/0.0.0.0 -d ! 192.168.0.0/255.255.0.0 -j MASQ
With this I can do passive ftp - but active ftp sucks... :-(
But why do you want to change it? It is not advisable. Maybe you should reconfigure your firewall the way Squid is doing http, https and pasv ftp job for you. Doing so you can save up some of the rule set and make it a more secure firewall. You could also configure Bind as a Cache DNS making it kinda DNS proxy. Then you would only have left smtp, pop3 and all the rest you need making it an easy job to configure. Philipp
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com