Re: [suse-security] kernel 2.4: ipchains and ip_masq_ftp
Hi, yeh you're right. But I think you should switch to iptables, if you want to use kernel 2.4.x. Maybe you should use a 2.2.19 if you want to be able to use ipchains and ip_masq_ftp. By the way the ftp-connections with iptables and ip_conntrak_ftp works much better and faster. MfG. Stefan Walther stefan_walther@gehag-dsk.de dienst.: +4930/89786448 Funk: +49172/3943961 Hi, what can I do, when I want to run my old ipchains-configuration file on an 2.4 kernel I can load the ipchains-Module but there is no ip_masq_ftp Module any longer. INTERNOLIX AG Kai Elsner Network-Administrator elsner@internolix.com
On 2001.07.31 11:59:16 +0100 Stefan_Walther@gehag-dsk.de wrote:
yeh you're right. But I think you should switch to iptables, if you want to use kernel 2.4.x. Maybe you should use a 2.2.19 if you want to be able to use ipchains and ip_masq_ftp.
By the way the ftp-connections with iptables and ip_conntrak_ftp works much better and faster.
One thing to bear in mind with this approach : AFAIK the stock SuSE 7.2 2.4.4 kernel hasn't been patched to close the serious security hole in ip_conntrack_ftp, so if security is of any importance at all, and you have to allow FTP, 2.2.19 is probably better. just my 2 cents. Maf.
MfG.
Stefan Walther stefan_walther@gehag-dsk.de dienst.: +4930/89786448 Funk: +49172/3943961
Hi,
what can I do, when I want to run my old ipchains-configuration file on an 2.4 kernel I can load the ipchains-Module but there is no ip_masq_ftp Module any longer.
INTERNOLIX AG Kai Elsner Network-Administrator
elsner@internolix.com
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Maf. King Standby Exhibition Services ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "It is easier to do a job right than to explain why you didn't." - Martin Van Buren ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
participants (2)
-
maf king -
Stefan_Walther@gehag-dsk.de