Tracy R Reed said:
> Christian Seberino wrote:
>
>>I think active FTP is weird as far as needing extra ports
>>which makes it hard on firewalls.  I think this is a real
>>problem rather than any Microsoft weirdness.
>>
>>I'm not sure how to make iptables handle this.
>
> Use passive ftp or install the iptables ftp helper module which will
> rewrite the protocol layer port information to match what the nat in
> iptables is doing. I am really peeved these days over the destruction
> of the peer to peer connectivity aspects of the Internet. NAT must die
> and firewalls must go away in favor of host based security. We need to
> come up with a killer app for ipv6.

In this case the culprit isn't NAT, it's FTP. It's a weird protocol
and it causes no end of grief, not only because of firewalls, but even
routing will cause problems with FTP. So don't blame NAT for the
problems with FTP, blame FTP.

-- 
Neil Schneider                              pacneil_at_linuxgeek_dot_net
                                           http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B  8209 32D7 1DB1 8460 C47D
"He who joyfully marches to music in rank and file has already earned
my contempt. He has been given a large brain by mistake, since for him
the spinal cord would surely suffice." (Albert Einstein)




-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
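
The rewriting that the quoted reply attributes to the iptables FTP helper, sketched as an added example (not code from the thread or from iptables): an active-mode client puts its own address and port inside the PORT command, so a NAT has to rewrite that payload and expect the server's inbound data connection. The function names, the address-match check and the sample addresses are assumptions made for this illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): the client advertises the address and
# port on which it will listen for the server's data connection.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(line):
    """Return (ip, port) advertised by a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def format_port(ip, port):
    """Build a PORT command for ip:port (port split into high and low byte)."""
    return "PORT %s,%d,%d\r\n" % (",".join(ip.split(".")), port >> 8, port & 0xFF)


def nat_rewrite(line, conn_src_ip, public_ip, mapped_port):
    """Rewrite a PORT command crossing a NAT (hypothetical helper).

    Returns (new_line, expectation). The expectation is the inbound mapping
    (public_ip, mapped_port) -> (private_ip, private_port) the firewall has
    to allow for the server's data connection. Lines that are not valid PORT
    commands pass through unchanged. A PORT naming an address other than the
    control connection's source is refused (None, None), so a client cannot
    make the firewall open a path to a third host.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None
    ip, port = parsed
    if ipaddress.ip_address(ip) != ipaddress.ip_address(conn_src_ip):
        return None, None
    return format_port(public_ip, mapped_port), ((public_ip, mapped_port), (ip, port))


if __name__ == "__main__":
    # Constructed sample: private client 192.168.1.10 behind public 203.0.113.5.
    print(nat_rewrite("PORT 192,168,1,10,19,137\r\n", "192.168.1.10", "203.0.113.5", 40000))
```

Passive mode avoids the inbound data connection on the client side, which is why it is the other option offered in the reply.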
