ftp server behind firewall
Joel Hammer
Joel
Mon May 17 11:49:08 PDT 2004
I want to be able to ftp to a linux box behind a firewall linux box from
the outside. I need to configure the ftp server and the firewall.
I assume, since the "outside" client is also behind a firewall, I may be
using passive mode for the transfer. I am using ipchains and ipmasqadm. I
am running an ftp server on the firewall linux box, too. This ftp server
on the firewall box is using ports 20 and 21.
In the active transfer mode, it seems straightforward to have the
outside client ftp to a special command port, say port 27 instead of
21. I can set up the firewall linux box to send all requests on port 27
to my ftp server behind the firewall to the usual command port. But,
here is where I need help. How do I tell the client what the data
port is on the server? Does the ftp server send the data port back as a
data packet, or does the ftp client assume the data port number is the
port on the server making the connection to the client's data port? Could
ipmasqadm simply switch outgoing port numbers?
The second question is for passive mode. Here, the ftp server sends back the
temporary port to use for data transfers. There is supposed to be a way to
restrict which ports are sent back by the server. However, the method
suggested is changing an include file and, I suppose, recompiling the ftp
daemon. Is there a configuration file which would do this?
Could I just edit the binary file, assuming I could find the current port
ranges in the binary file? Sounds hard, since it will be numbers, not
strings.
Any insights appreciated,
Joel
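
Added example, not part of the original post: in FTP (RFC 959) the data endpoint travels as text on the control connection, as h1,h2,h3,h4,p1,p2 in the client's PORT command (active mode) and in the server's 227 reply (passive mode), with port = p1*256 + p2. The code decodes that field and checks a 227 reply against what a masquerading firewall would need it to advertise. The sample lines, the addresses and the forwarded port range are constructed assumptions.

```python
import ipaddress
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 1918 ranges: addresses an outside client cannot route to.
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply line."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in: %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]

def check_pasv_reply(line, allowed_ports, public_ip):
    """List the reasons an outside client could not use this 227 reply."""
    ip, port = parse_hostport(line)
    problems = []
    if any(ip in net for net in _RFC1918):
        problems.append("advertises private address %s" % ip)
    elif ip != ipaddress.IPv4Address(public_ip):
        problems.append("advertises %s, not firewall address %s" % (ip, public_ip))
    if port not in allowed_ports:
        problems.append("data port %d is outside the forwarded range" % port)
    return problems

# Constructed sample data; addresses and port range are assumptions.
FORWARDED = range(50000, 50011)      # ports the firewall would forward inward
PUBLIC_IP = "203.0.113.5"            # documentation address (RFC 5737)
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,10,195,80)",  # inner LAN address
    "227 Entering Passive Mode (203,0,113,5,195,85)",   # rewritten, in range
    "227 Entering Passive Mode (203,0,113,5,78,32)",    # port not forwarded
]

if __name__ == "__main__":
    print(parse_hostport("PORT 198,51,100,7,4,1"))
    for s in SAMPLES:
        print(s, "->", check_pasv_reply(s, FORWARDED, PUBLIC_IP) or "ok")
```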