Hello all
Is there a howto or FAQ for ftp over a firewall or a secure ftp over a firewall.
thanks for help
regards dominic
On Tue, 7 Sep 1999, Dominic Santi wrote:
> Hello all
> Is there a howto or FAQ for ftp over a firewall or a secure ftp over a firewall.
Hello,

actually there is one "pending". We (a team of 4) are currently preparing the publication (under GPL) of an FTP-Proxy as part of a Proxy-Suite. This seems to address your question. It breaks up the FTP connection, provides command control (based on USER name), extensive auditing and can make use of SSL.

Programming is almost done, documentation is currently being reviewed, and we are expecting a release date roughly within the next two weeks. We'll keep you informed if you like.

Unfortunately the Firewall-HOWTO (dated 1996) does not discuss the issue. And it discusses the TIS Firewall Toolkit, which is not as free as it used to be any more. Hmmm, I might as well compile a (Mini-) HOWTO and post it to the LDP... Why not... Stay tuned...
> thanks for help
> regards dominic
Volker

--
Volker Wiegand              Phone:  +49 (0) 6196 / 50951-24
SuSE Rhein/Main AG          Fax:    +49 (0) 6196 / 40 96 07
Mergenthalerallee 45-47     Mobile: +49 (0) 179 / 292 66 76
D-65760 Eschborn            E-Mail: Volker.Wiegand@suse.de
++ Only users lose drugs. Or was it the other way round? ++
* Dominic Santi
> Is there a howto or FAQ for ftp over a firewall or a secure ftp over a firewall.
Are you using ipchains or ipfwadm?

There was an article (Aufbau eines Firewall mit Linux) in the computer magazine c't 3/99 regarding ipfwadm and an article (Linux: Neue Netwerkmöglickeiten mit IP Chains) in c't 17/99 regarding ipchains.

You should install the "firewall" package and, depending on your kernel, "ipchains" or "ipfwadm". You'll find them in "n", the networking series. Then you'll find "/usr/doc/packages/firewall/Firewall-Mini-Howto.txt" or HOW-TOs in "/usr/doc/packages/ipchains" or something else. ;-)

Here are the rules for ipchains (I think versions 1.3.8 or better will do) and active ftp (hope I got it right):

DEV_LNET="eth0"           # your local ethernet device
IP_LNET="192.168.17.1"    # your local ip address
LNET="192.168.17.0/24"    # your local network
DEV_INET="ippp0"          # your internet device (ISDN)
IP_INET=$LOCALIP          # the IP address you receive from your ISP

# control connection: clients on the local net to server port 21
ipchains -A input   -s $LNET 1024: --dport 21 -p tcp -i $DEV_LNET -j ACCEPT
ipchains -A forward -s $LNET 1024: --dport 21 -p tcp -i $DEV_INET -j MASQ
ipchains -A output  -s $LNET 1024: --dport 21 -p tcp -i $DEV_INET -j ACCEPT

# control connection: replies from server port 21 (! -y = no connection-opening SYN)
ipchains -A input  --sport 21 -d $IP_INET 1024: -p tcp -i $DEV_INET -j ACCEPT ! -y
ipchains -A output --sport 21 -d $LNET 1024:    -p tcp -i $DEV_LNET -j ACCEPT ! -y

# data connection: opened by the server from port 20 (active ftp), so SYN is allowed
ipchains -A input  --sport 20 -d $IP_INET 1024: -p tcp -i $DEV_INET -j ACCEPT
ipchains -A output --sport 20 -d $LNET 1024:    -p tcp -i $DEV_LNET -j ACCEPT

# data connection: client packets back to server port 20 (no SYN)
ipchains -A input   -s $LNET 1024: --dport 20 -p tcp -i $DEV_LNET -j ACCEPT ! -y
ipchains -A forward -s $LNET 1024: --dport 20 -p tcp -i $DEV_INET -j MASQ ! -y
ipchains -A output  -s $LNET 1024: --dport 20 -p tcp -i $DEV_INET -j ACCEPT ! -y

Hope that's right and HTH
--
Mark Lutz
Accepting German and English
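
Added example (not part of the original posts): a simplified Python model of the four input-chain rules from the message above, showing which packets of an active FTP session each rule admits and what `! -y` changes. The addresses 203.0.113.10 (standing in for $LOCALIP), 198.51.100.5 and 192.168.17.20, the rule labels and a default policy of DENY are assumptions; the interface names and local network are taken from the post.

```python
from ipaddress import ip_address, ip_network

LNET = ip_network("192.168.17.0/24")       # local network, from the post
IP_INET = ip_network("203.0.113.10/32")    # constructed stand-in for $LOCALIP
ANY = ip_network("0.0.0.0/0")
HIGH = range(1024, 65536)                  # the ipchains port range "1024:"

# (label, interface, source net, source ports, dest net, dest ports, SYN allowed)
# SYN allowed is False for the rules that carry "! -y". Labels are hypothetical.
INPUT_RULES = [
    ("ctl-out",   "eth0",  LNET, HIGH, ANY,     [21], True),
    ("ctl-reply", "ippp0", ANY,  [21], IP_INET, HIGH, False),
    ("data-in",   "ippp0", ANY,  [20], IP_INET, HIGH, True),
    ("data-ack",  "eth0",  LNET, HIGH, ANY,     [20], False),
]

def input_chain(iface, src, sport, dst, dport, syn):
    """Return the label of the first matching rule, else 'DENY'.

    syn=True marks a connection-opening SYN, the packet type -y matches.
    'DENY' as the chain's default policy is an assumption.
    """
    for label, r_if, r_src, r_sp, r_dst, r_dp, syn_ok in INPUT_RULES:
        if (iface == r_if
                and ip_address(src) in r_src and sport in r_sp
                and ip_address(dst) in r_dst and dport in r_dp
                and (syn_ok or not syn)):
            return label
    return "DENY"

def active_ftp_session():
    """Run constructed packets of one active FTP session through the chain."""
    client, server, gw = "192.168.17.20", "198.51.100.5", "203.0.113.10"
    packets = [
        ("eth0",  client, 40000, server, 21, True),    # client opens control
        ("ippp0", server, 21, gw, 61000, False),       # server reply on control
        ("ippp0", server, 20, gw, 61001, True),        # server opens data
        ("eth0",  client, 40001, server, 20, False),   # client ACK on data
        ("ippp0", server, 21, gw, 61002, True),        # new SYN from port 21
    ]
    return [input_chain(*p) for p in packets]

if __name__ == "__main__":
    print(active_ftp_session())
```

The data-in rule has to accept a SYN because in active FTP the server opens the data connection from port 20; the filter is stateless, so it matches on the source port alone.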