RE: firewall question

From: Marco A. Ramos (mramos_at_sanyoval.net)
Date: 05/12/05

    To: "General Red Hat Linux discussion list" <redhat-list@redhat.com>
    Date: Thu, 12 May 2005 12:07:30 -0700
    
    

    OK

    >>Then the question is how to let ftp server know to use the specific range
    >>of ports. We use wu-ftpd-2.6.1-20.

    It depends on your FTP server; for example, I use Pure-ftpd (pureftpd.org),
    and this FTP server has the option to define the port range: "-p 50301:50500"

    >>For "send ip own IP address", do you mean that I just include their ip in
    >> the firewall and trust that ip?

    If your FTP server is on the same server where the firewall is, you don't
    have problems with this.

    -----Original Message-----
    From: redhat-list-bounces@redhat.com
    [mailto:redhat-list-bounces@redhat.com]On Behalf Of Jessica Zhu
    Sent: Thursday, 12 May, 2005 11:47 AM
    To: General Red Hat Linux discussion list
    Subject: RE: firewall question

    On Thu, 12 May 2005, Marco A. Ramos wrote:

    > As you say you have two options:
    >
    > a) To force all users to work with the non-passive method (remember to open
    > the data port (tcp/20))

    That's what I already did.

    -A input -s xxx.xxx.xx.0/24 -d 0/0 20 -p tcp -y -j ACCEPT

    >
    > b) Enable the Passive method on your firewall. To do it, you have to
    > determine some port in your ftp server; this means that your ftp server
    > must use a specific range of ports (for example 50000-50500), and then open
    > that range in your firewall. Another point to consider is that the FTP
    > server will send ip own IP address, for the passive connection.

    Then the question is how to let ftp server know to use the specific range
    of ports. We use wu-ftpd-2.6.1-20.

    For "send ip own IP address", do you mean that I just include their ip in
    the firewall and trust that ip?

    Jessica

    >
    > Good Luck
    >
    > -----Original Message-----
    > From: redhat-list-bounces@redhat.com
    > [mailto:redhat-list-bounces@redhat.com]On Behalf Of Bartosz Brewinski
    > Sent: Thursday, 12 May, 2005 11:30 AM
    > To: redhat-list@redhat.com
    > Subject: Odp: firewall question
    >
    >
    > Maybe "BBedit" is not configured (or can't be) for passive ftp while the
    > other ftp clients used in the office are using passive ftp connections ?
    >
    > Maybe it would be sufficient to persuade BBedit to use passive connection
    > method ?
    >
    > Hope this helps.
    >
    > bartek
    >
    > >>> jessica@mathforum.org 2005-05-12 20:21 >>>
    > Hi,
    >
    > I set up the firewall on an old Linux (7.1) server using ipchains, which
    > allows ftp within our network. After the firewall was up, some users in the
    > office who use BBedit on Macintosh complained that they cannot ftp to
    > the server any more, although there is no problem using other ftp
    > programs.
    >
    > My final solution is to trust the ips from those users using BBedit and
    > accept all from them. However, I thought this is not the best and secure
    > solution. Just wondering whether anybody on the list can help me figure
    > out the better solution.
    >
    > Thanks!
    >
    > Jessica
    >
    > --
    > redhat-list mailing list
    > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    > https://www.redhat.com/mailman/listinfo/redhat-list

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
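
The passive-mode setup discussed in this thread (a fixed server port range opened in the firewall, and the server announcing its own IP address) can be checked from the client side by parsing the server's 227 reply. This is an added example, not part of the original messages; the 50000-50500 range is the one suggested in the thread, while the server address 192.0.2.10 and the sample replies are constructed.

```python
import ipaddress
import re

# Matches the (h1,h2,h3,h4,p1,p2) tuple in a "227 Entering Passive Mode" reply.
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # the data port is sent as two bytes
    return ip, port

def check_pasv(reply, server_ip, port_range=(50000, 50500)):
    """List the problems with a 227 reply; an empty list means it fits the policy."""
    try:
        ip, port = parse_pasv(reply)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if ip != ipaddress.IPv4Address(server_ip):
        problems.append("announced address %s is not the server %s" % (ip, server_ip))
    lo, hi = port_range
    if not lo <= port <= hi:
        problems.append("port %d outside firewall range %d-%d" % (port, lo, hi))
    return problems

# Constructed sample replies; 192.0.2.10 is an assumed server address.
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,196,105)",  # port 50281, in range
    "227 Entering Passive Mode (192,0,2,10,128,12)",   # port 32780, not opened
    "227 Entering Passive Mode (10,0,0,5,195,80)",     # port 50000, wrong address
]

if __name__ == "__main__":
    for line in SAMPLES:
        issues = check_pasv(line, "192.0.2.10")
        print(line, "->", "OK" if not issues else "; ".join(issues))
```

A reply that fails either check means the client will try a data connection the firewall rules do not cover, which shows up to the user as a hang after login.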
    
