On Friday 22 August 2003 21:46, Martin Wheeler wrote:
> Just caught the end of this ... may be applicable to a problem I'm
> experiencing myself. (Not ProFTP, but gFTP.)
>
> As far as I know, one of my firewalls is the Mandrake SNF (Simple Network
> Firewall ?), running under 2.2.19. (I'm fairly sure this is what it is.)

That'll be ipchains-based then, and not capable of any true statefulness (SYN tracking doesn't really count :)

> One of my service providers is also behind a firewall, and insists on
> passive mode being turned off for any communication/transfers with them.

Well, that service provider has no clue about modern stateful firewalling, and consequently doesn't permit incoming connections on high ports, hence the requirement for active mode FTP...

> Of course gFTP (with passive mode turned off), just hangs if any attempt is
> made to transfer anything.
> Anyone know how I can reliably open up this channel in PORT mode without
> compromising anything anywhere?

You need to upgrade to a 2.4 kernel and use iptables rather than ipchains.... or configure your FTP client to specifically use a small range of ports, and allow those ports directly to your machine. Not secure, but not exactly a giant RPC exploit either ;)

gdh
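Added example, not part of the original message: a simplified Python model of the two options in the reply, a static rule that opens a small port range versus a stateful filter that reads the client's PORT command and admits only the matching data connection. It is not netfilter code; the class names, addresses and port range are assumptions made for illustration.

```python
import re

PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_port(line):
    """Return (ip, port) announced by an FTP PORT command, else None."""
    m = PORT_RE.fullmatch(line.strip())
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class StaticFilter:
    """Stateless rules: inbound SYNs pass only to a fixed port range."""
    def __init__(self, open_ports=()):
        self.open_ports = open_ports
    def see_control(self, client, server, line):
        pass  # never looks inside the control channel
    def allow_inbound_syn(self, src, dst, dport):
        return dport in self.open_ports  # source address is not checked

class TrackingFilter:
    """Stateful model: a PORT command creates a one-shot expectation."""
    def __init__(self):
        self.expected = set()
    def see_control(self, client, server, line):
        announced = parse_port(line)
        if announced and announced[0] == client:  # ignore PORT naming other hosts
            self.expected.add((server, client, announced[1]))
    def allow_inbound_syn(self, src, dst, dport):
        if (src, dst, dport) in self.expected:
            self.expected.discard((src, dst, dport))
            return True
        return False

# Constructed sample session (documentation addresses, not from the post).
CLIENT, SERVER, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.9"
PORT_LINE = "PORT 192,0,2,10,195,80\r\n"  # 195*256 + 80 = 50000

def demo(fw):
    """Return (server data SYN allowed?, unrelated host SYN allowed?)."""
    fw.see_control(CLIENT, SERVER, PORT_LINE)
    return (fw.allow_inbound_syn(SERVER, CLIENT, 50000),
            fw.allow_inbound_syn(OTHER, CLIENT, 50000))

if __name__ == "__main__":
    for fw in (StaticFilter(), StaticFilter(range(50000, 50011)), TrackingFilter()):
        print(type(fw).__name__, demo(fw))
```

With no open range the transfer hangs, as described for gFTP; the fixed range lets the transfer through but also admits any other host to those ports, while the tracking model admits only the server the client named, once.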

