23 Jan 2002 18:06
On Wednesday, 23 January 2002 18:47, Stephan wrote:
From: Alberto Tarantino [mailto:alberto.tarantino@archidata.it]
I know it might sound like a "dirty trick".. but.. why don't you use port redirection and Squid as FTP proxy? That might improve security as well as be a very easy to implement solution.
How exactly must this be done?
I think it won't work. ftp is a protocol which is a bit harder to manage in a firewall. I wouldn't try to use port redirection but install an ftp-proxy and configure my client programs to use this proxy. The firewall rule I would choose would be:

iptables -p tcp -s ! ftpproxy/32 -d 0/0 --dport 21 -j REJECT

and this would only apply to traffic from internal to external networks.

Peter
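Why FTP is harder to handle at a firewall than a single port-21 rule suggests, as an added example that is not part of the original thread: the control channel announces a separate data endpoint in-band (PORT, 227 and 229 lines), which an FTP proxy has to parse. The function names, the sample transcript and its addresses are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 reply (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply to EPSV (RFC 2428) carries only a port: (|||port|)
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def data_endpoint(line, server_ip):
    """Return (mode, ip, port) if a control-channel line negotiates a data
    connection, else None. 'active': the server connects back to the client;
    'passive': the client opens a second outbound connection."""
    line = line.strip()
    verb = line[:4].upper()
    if verb == "PORT" or line.startswith("227"):
        m = _HOSTPORT.search(line)
        if not m:
            return None
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet: refuse rather than guess
        ip = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]
        return ("active" if verb == "PORT" else "passive", ip, port)
    if line.startswith("229"):
        m = _EPSV.search(line)
        if m and int(m.group(1)) <= 65535:
            # EPSV reuses the control connection's server address
            return ("passive", server_ip, int(m.group(1)))
    return None

def data_channels(control_lines, server_ip):
    """Collect every data endpoint announced during one control session."""
    endpoints = (data_endpoint(l, server_ip) for l in control_lines)
    return [ep for ep in endpoints if ep]

# Constructed control-channel transcript (documentation address ranges).
SAMPLE = [
    "220 ftp.example.org ready",
    "PORT 192,0,2,10,195,80",
    "227 Entering Passive Mode (198,51,100,7,78,52)",
    "229 Entering Extended Passive Mode (|||40021|)",
    "226 Transfer complete",
]

if __name__ == "__main__":
    for mode, ip, port in data_channels(SAMPLE, "198.51.100.7"):
        print(f"{mode:7} data connection to {ip}:{port} (not port 21)")
```

None of the announced data ports is 21, so a rule that matches only `--dport 21` governs the control channel and leaves the data connections to whatever else the ruleset or the proxy decides.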