ftp server behind firewall
James McDonald
james
Mon May 17 11:49:09 PDT 2004
If you are using a 2.2.x kernel and ipchains there is a helper module
for ftp so that the server sends the client the data port and then the
firewall is aware of which data port to allow the client to connect back
to...
I can't remember the firewall module from memory.... but it's got "ftp"
in it...
Joel Hammer wrote:
> I want to be able to ftp to a linux box behind a firewall linux box from
> the outside. I need to configure the ftp server and the firewall.
>
> I assume, since the "outside" client is also behind a firewall, I may be
> using passive mode for the transfer. I am using ipchains and ipmasqadm. I
> am running an ftp server on the firewall linux box, too. This ftp server
> on the firewall box is using ports 20 and 21.
>
> In the active transfer mode, it seems straightforward to have the
> outside client ftp to a special command port, say port 27 instead of
> 21. I can set up the firewall linux box to send all requests on port 27
> to my ftp server behind the firewall to the usual command port. But,
> here is where I need help. How do I tell the client what the data
> port is on the server? Does the ftp server send the data port back as a
> data packet, or does the ftp client assume the data port number is the
> port on the server making the connection to the client's data port? Could
> ipmasqadm simply switch outgoing port numbers?
>
>
> The second question is for passive mode. Here, the ftp server sends back the
> temporary port to use for data transfers. There is supposed to be a way to
> restrict which ports are sent back by the server. However, the method
> suggested is changing an include file and, I suppose, recompiling the ftp
> daemon. Is there a configuration file which would do this?
> Could I just edit the binary file, assuming I could find the current port
> ranges in the binary file? Sounds hard, since it will be numbers, not
> strings.
>
> Any insights appreciated,
>
> Joel
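Added example, not part of the original thread and not the kernel module's code: in FTP (RFC 959) the data port is announced as text on the control connection, in the client's `PORT h1,h2,h3,h4,p1,p2` command for active mode and in the server's `227` reply for passive mode, which is what a firewall helper has to read. The Python below parses those lines, records the one data endpoint to allow, and rewrites the internal address to the firewall's public one. The addresses, the function names and the policy in `rewrite` (the announced address must be the sender's, no ports below 1024) are assumptions of this example.

```python
import re

# RFC 959 host-port encoding: h1,h2,h3,h4,p1,p2 where port = p1*256 + p2
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    verb = line.split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def encode_hostport(ip, port):
    """Inverse of parse_hostport: dotted IP and port back to h1,...,p2."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def rewrite(line, sender_ip, public_ip, expected):
    """Helper logic for one control-channel line.

    Returns the line to forward, or None to drop it. `expected` collects the
    (ip, port) pairs for which the firewall should admit one data connection.
    """
    ep = parse_hostport(line)
    if ep is None:
        return line                      # not a data-port announcement
    ip, port = ep
    if ip != sender_ip or port < 1024:   # assumed policy: blocks redirecting data
        return None                      # to a third host or a privileged port
    expected.add((ip, port))
    return HOSTPORT.sub(encode_hostport(public_ip, port), line, count=1)

if __name__ == "__main__":
    # Constructed sample: server 192.168.1.10 behind a firewall at 203.0.113.7
    allow = set()
    reply = "227 Entering Passive Mode (192,168,1,10,195,80)"
    print(rewrite(reply, "192.168.1.10", "203.0.113.7", allow))
    print(allow)
```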