Hi Gene,
Gene Moreau wrote:
>
> having a problem with getting ftp and ntp to work properly.
>
> this is from the firewall box itself. If I disable the firewall rules it
> works properly. As soon as I turn them on ftp sort of works. For example
> I can log in and get files from my ftp server, but I can't do any directory
> listings....this is for both passive and active ftp.
OK, let's have fun with the FTP protocol.
To solve this problem, we have 2 solutions:
1) Open high ports (1024:65535) in office traffic (forward services)
or
2) Configure Squid as an FTP proxy.
>
> ntp won't work from the firewall box if I have the rules turned on. I even
> put my ntp servers in the ntp server box. verified the rules are there with
> ipchains -L -n and got this...
>
> ACCEPT udp ------ 128.100.100.128 0.0.0.0/0 123 -> 1024:65535
> ACCEPT udp ------ 140.221.9.20 0.0.0.0/0 123 -> 1024:65535
>
> Just a general questions here.....does it directly modify the bastille.conf
> file for these sorts of settings? I've noticed that it does for some things,
> but if I add ntp server in NAAT it doesn't add them to the bastille.conf
> file and vice versa. Am I incorrect in thinking that for a lot of the rules
> type things NAAT is just a front end for bastille?
>
The NTP source port depends on the client.
ntpdate's default behaviour: it uses the same source port as the
destination port.
But we forgot to mention the -u option in the ntpdate cron job to use a
high source port.
We fix this.
You can add the -u option to ntpdate in /etc/cron.d/ntp-synchro/.
> Gene Moreau
> IT Specialist
> Arrista Technologies - http://www.arrista.com
>
> v: 204.489.3200
> f: 204.489.8300
> e: [EMAIL PROTECTED]
> PGP pub key: http://www3.mb.sympatico.ca/~moreaug/pgp.html
--
Philippe Libat <[EMAIL PROTECTED]>
Linux-Mandrake http://www.linux-mandrake.com
_____________________________________________
Think Different, Think Linux
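
Added example, not part of the original message: a small Python model that parses the two `ipchains -L -n` rule lines quoted above and evaluates an NTP reply against them, showing why a client sending from source port 123 gets no answer through these rules while `ntpdate -u` (high source port) does. The default `DENY` policy, the local address `192.0.2.10` and the high port `40000` are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

# Rule lines as quoted in the message (wrapped lines joined).
LISTING = """\
ACCEPT udp ------ 128.100.100.128 0.0.0.0/0 123 -> 1024:65535
ACCEPT udp ------ 140.221.9.20 0.0.0.0/0 123 -> 1024:65535
"""

class Rule(NamedTuple):
    target: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    sports: range
    dports: range

def _ports(spec):
    """'123' or '1024:65535' -> inclusive port range."""
    lo, _, hi = spec.partition(":")
    return range(int(lo), int(hi or lo) + 1)

def parse_listing(text):
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[6] != "->":
            continue  # skip headers, blank or unrecognised lines
        rules.append(Rule(f[0], f[1], ipaddress.ip_network(f[3]),
                          ipaddress.ip_network(f[4]), _ports(f[5]), _ports(f[7])))
    return rules

def verdict(rules, proto, src, sport, dst, dport, policy="DENY"):
    """First matching rule wins; otherwise the (assumed) chain policy applies."""
    for r in rules:
        if (r.proto == proto and ipaddress.ip_address(src) in r.src
                and ipaddress.ip_address(dst) in r.dst
                and sport in r.sports and dport in r.dports):
            return r.target
    return policy

def ntp_reply_verdict(rules, server, local_ip, client_sport):
    """The server replies from UDP 123 to whatever source port the client used."""
    return verdict(rules, "udp", server, 123, local_ip, client_sport)

RULES = parse_listing(LISTING)
LOCAL = "192.0.2.10"  # constructed address for the firewall box
print("ntpdate    :", ntp_reply_verdict(RULES, "128.100.100.128", LOCAL, 123))
print("ntpdate -u :", ntp_reply_verdict(RULES, "128.100.100.128", LOCAL, 40000))
```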