Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] kernel 2.4: ipchains and ip_masq_ftp

On 2001.07.31 11:59:16 +0100 Stefan_Walther@xxxxxxxxxxxx wrote:
>

> yeh you're right. But I think you should switch to iptables, if you want
> to
> use kernel 2.4.x. Maybe you should use a 2.2.19 if you want to be able to
> use ipchains and ip_masq_ftp.
>
> By the way the ftp-connections with iptables and ip_conntrak_ftp works
> much
> better and faster.
>


One thing to bear in mind with this approach : AFAIK the stock SuSE 7.2
2.4.4 kernel hasn't been patched to close the serious security hole in
ip_conntrack_ftp, so if security is of any importance at all, and you have
to allow FTP, 2.2.19 is probably better.

just my 2 cents.
Maf.

> MfG.
>
> Stefan Walther
> stefan_walther@xxxxxxxxxxxx
> dienst.: +4930/89786448
> Funk: +49172/3943961
>
> Hi,
>
> what can I do, when I want to run my old ipchains-configuration file on
> an
> 2.4 kernel
> I can load the ipchains-Module but there is no ip_masq_ftp Module any
> longer.
>
>
>
> INTERNOLIX AG
> Kai Elsner
> Network-Administrator
>
> elsner@xxxxxxxxxxxxxx
>

--

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Maf. King
Standby Exhibition Services

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"It is easier to do a job right than to explain why you didn't."

- Martin Van Buren

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



< Previous Next >
References