Christian Seberino wrote:
I think active FTP is weird as far as needing extra ports
which makes it hard on firewalls. I think this is real
problem rather than any Microsoft weirdness.
I'm not sure how to make iptables handle this.
Use passive ftp or install the iptables ftp helper module which will
rewrite the protocol layer port information to match what the nat in
iptables is doing. I am really peeved these days over the destruction of
the peer to peer connectivity aspects of the Internet. NAT must die and
firewalls must go away in favor of host based security. We need to come
up with a killer app for ipv6.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
