iptables ftp conntrack using port != 21
Hi everyone,

I want to run the ftp server of my Linux box on a non-standard port (say, 20 for data but 666 for handshake). The problem is that obviously the connection tracking module in iptables only works with ports 20/21. If I check my logs I see that the client's LIST command is recognized as a NEW connection if my ftp server is set to use port 666. Is this a fact or am I just missing some setting?

Thanks in advance,
Eric

Re: iptables ftp conntrack using port != 21
Hello,

Eric wrote:
> I want to run the ftp server of my linux box on a non-standard port
> (say, 20 for data but 666 for handshake). The problem is that
> obviously the connection tracking module in iptables only works with
> ports 20/21.

AFAIK port 20 is not involved in FTP connection tracking as it does not appear in port/passive commands.

> If I check my logs I see that the client's LIST command
> is recognized as a NEW connection if my ftp server is set to use port
> 666.
> Is this a fact or am I just missing some setting?

Hint: modinfo ip_conntrack_ftp (or nf_conntrack_ftp on recent kernels)

Re: iptables ftp conntrack using port != 21
Eric wrote:
> Hi everyone,
>
> I want to run the ftp server of my linux box on a non-standard port
> (say, 20 for data but 666 for handshake). The problem is that
> obviously the connection tracking module in iptables only works with
> ports 20/21. If I check my logs I see that the client's LIST command
> is recognized as a NEW connection if my ftp server is set to use port
> 666.
> Is this a fact or am I just missing some setting?

You could load the ip_conntrack_ftp module with another port in the configuration:

modprobe ip_conntrack_ftp ports=21,<port>

> Thanks in advance,
> Eric

Re: iptables ftp conntrack using port != 21
On 13 Mar., 07:23, Philippe Weill <Philippe.We...@aero.jussieu.fr> wrote:
> modprobe ip_conntrack_ftp ports=21,<port>

Ah, thanks, obviously this is exactly what I was looking for. :)
Btw, I'm using a 99% monolithic kernel, so what does the boot parameter look like? Is it

ip_conntrack_ftp.ports=<xxx>

(I'm using lilo but that shouldn't influence the parameter syntax)?

Regards,
Eric

Re: iptables ftp conntrack using port != 21
Eric wrote:
> On 13 Mar., 07:23, Philippe Weill <Philippe.We...@aero.jussieu.fr>
> wrote:
>
>> modprobe ip_conntrack_ftp ports=21,<port>
>
> Ah, thanks, obviously this is exactly what I was looking for. :)
> Btw, I'm using a 99% monolithic kernel, so what does the boot
> parameter look like? Is it
>
> ip_conntrack_ftp.ports=<xxx>

Perhaps it's a mistake but I think you couldn't if not in module.

> (I'm using lilo but that shouldn't influence the parameter syntax)?
>
> Regards, Eric

Re: iptables ftp conntrack using port != 21
On 13 Mar., 17:34, Philippe Weill <Philippe.We...@aero.jussieu.fr> wrote:
> perhaps it's a mistake but I think you couldn't if not in module

Hmm, I thought this was the standard syntax for in-kernel "modules". Isn't there anyone out there who knows for sure? :)

Regards,
Eric
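As an added example (not code from the thread or from any of its posters): a small POSIX sh script that builds the helper configuration Philippe's modprobe line describes for the thread's port 666, in both the modprobe.d form and the module.parameter=value form that the kernel command line uses for parameters of code compiled into the kernel, together with the iptables rules that make the helper take effect. It assumes the newer module name nf_conntrack_ftp (the thread's ip_conntrack_ftp on older kernels) and a kernel that provides the CT target for explicit helper assignment.

```sh
# Added example, not code from the thread: conntrack FTP helper setup for a
# control channel on a non-standard port (666 here). Assumes the newer module
# name nf_conntrack_ftp (ip_conntrack_ftp on older kernels) and the CT target.

# Validate one TCP port number (1-65535); non-zero on anything else.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then return 0; fi
    return 1
}

# ports= list: 21 plus the extra control port(s), without duplicates. Port 20
# (data) is absent on purpose: the helper reads PORT/PASV on the control
# channel and marks the data connection RELATED.
ftp_helper_ports() {
    list=21
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        case ",$list," in *",$p,"*) continue ;; esac
        list="$list,$p"
    done
    printf '%s\n' "$list"
}

# Option line for /etc/modprobe.d/*.conf (helper built as a module) ...
modprobe_line() {
    ports=$(ftp_helper_ports "$@") || return 1
    printf 'options nf_conntrack_ftp ports=%s\n' "$ports"
}

# ... and the module.parameter=value form taken from the kernel command line
# when the helper is compiled in (the form Eric asked about).
cmdline_param() {
    ports=$(ftp_helper_ports "$@") || return 1
    printf 'nf_conntrack_ftp.ports=%s\n' "$ports"
}

# Bind the helper explicitly to the control port (automatic assignment is off
# by default since kernel 4.7), then accept the RELATED data connection that
# the original post saw logged as NEW.
iptables_rules() {
    valid_port "$1" || return 1
    cat <<EOF
iptables -t raw -A PREROUTING -p tcp --dport $1 -j CT --helper ftp
iptables -A INPUT -p tcp --dport $1 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}
# Usage: sh ftp-helper.sh 666 [more control ports]
if [ -n "${1:-}" ]; then modprobe_line "$@"; cmdline_param "$@"; iptables_rules "$1"; fi
```

The script only prints the configuration; nothing is loaded or applied until you copy the lines into modprobe.d, the bootloader's kernel command line, or your firewall script.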