On 10/09/2004 Mike Mestnik wrote:
> > anyway firehol doesn't allow to set user specific ports for service
> > 'ftp', and therefore i have to open these ports manually.
>
> ?user specific? You mean 20 (ftp-data) and not just 21 (ftp)? Connection
> tracking FTP should handle this, but only for your clients and not for any
> servers you could be running.

no, i have 5 ftp servers running on 5 different ports. all these ports need to be opened for ftp traffic.

> Turn this on with a 'modprobe ip_conntrack_ftp' and if you're doing nat
> 'modprobe ip_nat_ftp'. I add these into /etc/modules.

i have

    modprobe ip_conntrack_ftp ports=21,210,215,220,225,230

in /etc/firehol/firehol.conf, and that works quite well.

> > so this means that i don't need to open udp ports for ftp ...
>
> That depends, do you plan to use host names instead of IPs? If yes then
> you will need to let DNS (udp) through; firehol might do this for you.

the ftp servers run on IPs, but these IPs are also available through dns names, and clients are intended to use these dns names. but i guess you are thinking of dns-name based virtual hosts, which in my opinion doesn't work for ftp at all, as it doesn't have the relevant name headers that http has.

bye
jonas
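The point of the `ports=` argument in the thread is that the FTP connection-tracking helper only inspects control channels on the ports it was told about: an FTP daemon listening on a port that is missing from that list will have its data connections dropped by a stateful firewall, while a port that is listed but serves no FTP daemon has the helper parsing unrelated traffic for no reason. The following script is an added example, not code from the thread or from the FireHOL project. It parses a constructed firehol.conf fragment modelled on the line Jonas quotes, audits the helper's port list against a constructed set of FTP server control ports, and prints the equivalent `CT --helper ftp` raw-table rule for kernels on which automatic helper assignment is disabled. The limit of 8 ports comes from the `MAX_PORTS` constant in the kernel's ip_conntrack_ftp/nf_conntrack_ftp module; the function names and the sample data are assumptions of this example.

```python
import re

# The kernel FTP conntrack helper (ip_conntrack_ftp, later nf_conntrack_ftp)
# accepts at most 8 values in its ports= module parameter (MAX_PORTS in the module).
MAX_HELPER_PORTS = 8

# Constructed sample of a firehol.conf fragment; the modprobe line mirrors the one
# quoted in the thread. firehol.conf is a shell script, so a bare modprobe works there.
SAMPLE_CONF = """\
version 5
modprobe ip_conntrack_ftp ports=21,210,215,220,225,230
interface eth0 internet
    server ftp accept
"""

# Constructed: control ports the FTP daemons on this host actually listen on.
FTP_SERVER_PORTS = {21, 210, 215, 220, 225, 230}


def helper_ports(conf_text):
    """Return the set of ports handed to the FTP conntrack helper in conf_text.

    Returns None when no helper is loaded at all, and {21} when the module is
    loaded without an explicit ports= list (the module's built-in default).
    """
    for line in conf_text.splitlines():
        m = re.match(r"\s*modprobe\s+(?:ip|nf)_conntrack_ftp\b(.*)$", line)
        if not m:
            continue
        pm = re.search(r"\bports=([\d,]+)", m.group(1))
        if not pm:
            return {21}
        return {int(p) for p in pm.group(1).split(",") if p}
    return None


def audit(conf_text, server_ports):
    """Compare the helper's port list with the real FTP control ports.

    Returns a list of findings; an empty list means the two agree.
    """
    tracked = helper_ports(conf_text)
    findings = []
    if tracked is None:
        findings.append("no FTP conntrack helper loaded: data channels will not be "
                        "related to their control connection and will be dropped")
        return findings
    if len(tracked) > MAX_HELPER_PORTS:
        findings.append(f"helper given {len(tracked)} ports but the module accepts "
                        f"at most {MAX_HELPER_PORTS}; excess ports are ignored")
    missing = sorted(server_ports - tracked)
    if missing:
        findings.append(f"FTP servers on {missing} are not covered by the helper: "
                        "their data connections will be dropped")
    extra = sorted(tracked - server_ports)
    if extra:
        findings.append(f"helper inspects {extra} although no FTP server listens "
                        "there; narrow the ports= list")
    return findings


def ct_helper_rule(ports):
    """Build the raw-table rule that binds the ftp helper to the given control ports.

    Needed on kernels where automatic helper assignment is off (the default since
    Linux 4.7); the rule must be in place before the first control packet arrives.
    """
    plist = ",".join(str(p) for p in sorted(ports))
    return (f"iptables -t raw -A PREROUTING -p tcp -m multiport --dports {plist} "
            "-j CT --helper ftp")


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, FTP_SERVER_PORTS) or ["helper ports match server ports"]:
        print(finding)
    print(ct_helper_rule(helper_ports(SAMPLE_CONF)))
```

Run it against the sample and it reports that the helper list and the server list agree; remove a port from the `modprobe` line, or add a sixth daemon on a new port, and the audit names the port whose data channels would be lost. The `--dports` list in the generated rule is limited to 15 ports by `xt_multiport`, which is more than the helper itself accepts, so the 8-port check above is the binding one.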

