[luau] Iptables firewall question

Vince Hoang luau at ml.altern8.net
Fri Jan 10 14:00:01 PST 2003


On Fri, Jan 10, 2003 at 05:26:15PM -0500, MonMotha wrote:
> >To run an FTP server that supports both PASV and PORT mode,
> >you will have to also allow incoming connections to your
> >ephemeral port range.
>
> Bad way to do it, just use the conntrack helper (and nat module
> if you're forwarding the port too, I guess if you're not
> forwarding it you don't need the nat module, but it doesn't
> hurt).

Hmm. I will have to look into that more. I was always skeptical
of ftp shims to simplify firewall configurations. It does seem to
raise the bar when used on the server side of the ftp connection.

FWIW, the latest Phrack (Linenoise / Java Tears down the
Firewall) mentions how conntrack when used on the client side can
be used to circumvent the firewall.

-Vince
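
The two server-side approaches debated in this message, as an added example that is not part of the original thread: a small Python audit of `iptables-save` output that flags an INPUT rule accepting a wide destination-port range and reports whether any RELATED rule exists for helper-tracked FTP data connections. The two rulesets and the `audit` function are constructed for illustration.

```python
import re

# Constructed iptables-save excerpts (not taken from the thread).
WIDE_OPEN = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 1024:65535 -j ACCEPT
COMMIT
"""
WITH_HELPER = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
COMMIT
"""

def audit(ruleset, min_span=1000):
    """Return a list of findings for the INPUT chain of iptables-save text."""
    findings, related = [], False
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok, tok[1:]))  # each option -> the token after it
        if opts.get("-j") != "ACCEPT":
            continue
        states = set(opts.get("--state", opts.get("--ctstate", "")).split(","))
        if "RELATED" in states:
            related = True
        # A dport range such as 1024:65535 accepted without a state match
        # exposes every listener in that range, not just FTP data sockets.
        m = re.fullmatch(r"(\d+):(\d+)", opts.get("--dport", ""))
        if m and int(m[2]) - int(m[1]) >= min_span and "ESTABLISHED" not in states:
            findings.append(f"wide inbound port range accepted: {line}")
    if not related:
        # RELATED only matches FTP data connections when the FTP conntrack
        # helper module is loaded; a ruleset dump cannot show that.
        findings.append("no RELATED rule: helper-tracked FTP data would be dropped")
    return findings

if __name__ == "__main__":
    for name, rules in (("WIDE_OPEN", WIDE_OPEN), ("WITH_HELPER", WITH_HELPER)):
        print(name, audit(rules) or "no findings")
```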


