Configuring SuSEfirewall2 for FTP access
Hi ! I seem to have a problem regarding my firewall configuration. I want to allow my users FTP access to Internet FTP servers. However, for this to work it seems I have to allow communication over the higher ports (1024:65000) via a forwarding rule like : FW_FORWARD =" XXX.YYY.ZZZ.0/6,0./0,tcp,1024:65000" XXX.YYY.ZZZ.0/6 stands for my IP-range, these are official static IPs. I am not happy with this at all because it would leave my domain wide open, but how can I handle this differently ? I use SuSE 8.0 Pro. Thanks for the help, Jörg
On 19 Apr 2004, remote@leat.ruhr-uni-bochum.de wrote:
However, for this to work it seems I have to allow communication over the higher ports (1024:65000) via a forwarding rule like :
FW_FORWARD =" XXX.YYY.ZZZ.0/6,0./0,tcp,1024:65000"
No you don't have to. Just tell your users to set their ftp client to passive mode. Charles -- "Problem solving under linux has never been the circus that it is under AIX." (By Pete Ehlke in comp.unix.aix)
However, for this to work it seems I have to allow communication over the higher ports (1024:65000) via a forwarding rule like :
FW_FORWARD =" XXX.YYY.ZZZ.0/6,0./0,tcp,1024:65000"
No you don't have to. Just tell your users to set their ftp client to passive mode.
I did, didn´t seem to work ?! Any suggestions ?
On 19 Apr 2004, remote@leat.ruhr-uni-bochum.de wrote:
I did, didn´t seem to work ?! Any suggestions ?
Strange, works fine here. Checking these directives: FW_MASQUERADE FW_MASQDEV FW_MASQ_NETS in /etc/sysconfig/SuSEfirewall2 Charles -- But what can you do with it? -- ubiquitous cry from Linux-user partner. (Submitted by Andy Pearce, ajp@hpopd.pwd.hp.com)
participants (2)
-
Charles Phlip Chan
-
remote