Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] probs with ftp-masquerading
  • From: Peter Wiersig <wiersig@xxxxxxxxx>
  • Date: Wed, 23 Jan 2002 19:06:01 +0100
  • Message-id: <200201231801.TAA04276@xxxxxxxxxxxxx>
On Wednesday, 23 January 2002 18:47, Stephan wrote:

> From: Alberto Tarantino [mailto:alberto.tarantino@xxxxxxxxxxxx]
>
> > I know it might sound like a "dirty trick".. but.. why don't you use port
> > redirection and Squid as FTP proxy? That might improve security as well as
> > be a very easy to implement solution.
>
> How exactly must this be done?

I think it won't work.

ftp is a protocol which is a bit harder to manage in a firewall.

I wouldn't try to use port redirection but install an ftp-proxy and configure
my client programs to use this proxy.

The firewall rule I would choose would be:

iptables -p tcp -s ! ftpproxy/32 -d 0/0 --dport 21 -j REJECT

and this would only apply to traffic from internal to external networks.

Peter
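
Added example, not part of Peter's message: FTP announces the address and port of each data connection inside the control channel (PORT, and the 227 reply to PASV, RFC 959), which is why it is harder to filter and masquerade than a single-port protocol. The sketch below parses those lines the way a proxy or NAT helper has to; the function names and the sample session are constructed for illustration.

```python
import ipaddress
import re

# "h1,h2,h3,h4,p1,p2" as carried by PORT and by the 227 reply to PASV (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
_RFC1918 = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def data_endpoint(line):
    """Return (mode, ip, port) announced on the control channel, or None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"      # server will connect back to the client
    elif text.startswith("227"):
        mode = "passive"     # client will connect to the server
    else:
        return None
    m = _HOSTPORT.search(text[4:])
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None          # malformed octet, ignore the line
    ip = ".".join(map(str, nums[:4]))
    return mode, ip, nums[4] * 256 + nums[5]


def needs_nat_rewrite(endpoint):
    """An active-mode client behind masquerading announces an RFC 1918 address."""
    mode, ip, _ = endpoint
    addr = ipaddress.ip_address(ip)
    return mode == "active" and any(addr in net for net in _RFC1918)


# Constructed control-channel lines (port 21); addresses are samples.
SESSION = [
    "USER anonymous",
    "PORT 192,168,1,20,4,1",
    "227 Entering Passive Mode (203,0,113,10,195,80)",
]

if __name__ == "__main__":
    for line in SESSION:
        ep = data_endpoint(line)
        if ep:
            print(line, "->", ep, "rewrite needed:", needs_nat_rewrite(ep))
```

A rule that matches only destination port 21 covers the control connection; the data ports computed here (1025 and 50000 in the sample) are negotiated per transfer.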
