thanks,

all i have to do is to load two kernel modules, ip_conntrack_ftp and ip_nat_ftp.
right now everything is working fine.

but is it possible that the kernel unloads those two modules if they are unused for a longer time?
and how to load these two at boot time?

thanks
harald

On Thursday, 3 July 2003 at 11:37, Volker Tanger wrote:
> Greetings!
>
> On Thu, 3 Jul 2003 09:03:15 +0200 Harald Thoeny <[EMAIL PROTECTED]> wrote:
> > the ftp is behind the firewall. the whole network is masqueraded.
> > it is not a problem to connect from outside to the firewall but if the
> > 'ls' command is sent to the server the connection is getting lost
> > can anyone explain how to set up a professional solution?
>
> The firewall should be able to filter FTP correctly - which it obviously
> does not. For this you need a "stateful" packet filter.
>
> If you use a Debian-based FW (I'd suggest kernel 2.4 with IPFILTER) you
> need to have the FTP ipfilter module installed as well and allow
> ESTABLISHED as well as RELATED back in. The latter is needed to allow
> the DATA connection from the server to the client.
>
> Workaround is to switch the FTP clients to passive mode, which uses
> outgoing-only connections.
>
> Bye
>
> Volker Tanger
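
Why the two modules named in this thread fix the failing 'ls', as an added example that is not part of the original messages and not the kernel's own code: the FTP control channel announces the data connection's endpoint inside the payload (a PORT command or a 227 reply), so a connection-tracking helper has to parse it to mark the data connection as RELATED, and a NAT helper has to rewrite the private address in it. The function names, the sample reply and the addresses (192.168.1.20 private, 203.0.113.5 public) are constructed for illustration, and the rewrite keeps the port unchanged as a simplification.

```python
import re

# FTP encodes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed sample: passive-mode reply from a server on a masqueraded network
SAMPLE_227 = "227 Entering Passive Mode (192,168,1,20,195,80).\r\n"


def parse_endpoint(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = ENDPOINT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed endpoint: never create an expectation from it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expectation(line):
    """Model of the conntrack helper's job: the one data flow to treat as RELATED."""
    ep = parse_endpoint(line)
    if ep is None:
        return None
    return {"proto": "tcp", "dst_ip": ep[0], "dst_port": ep[1]}


def nat_rewrite(line, public_ip):
    """Model of the NAT helper's job: replace the private address in the payload."""
    ep = parse_endpoint(line)
    if ep is None:
        return line  # other control-channel lines pass through untouched
    port = ep[1]
    new = ",".join(public_ip.split(".") + [str(port // 256), str(port % 256)])
    return ENDPOINT.sub(new, line, count=1)


if __name__ == "__main__":
    print("expect:", expectation(SAMPLE_227))
    print("on the wire after NAT:", nat_rewrite(SAMPLE_227, "203.0.113.5").strip())
```

Without the rewrite, an outside client is told to connect to 192.168.1.20, which it cannot reach; without the expectation, a filter that only accepts ESTABLISHED traffic drops the data connection that carries the directory listing.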

