> 2. I have a private FTP server on a DMZ box. In DCD I
> have to set up the FTP server to enable passive mode
> and then open some passive ports and the FTP port for
> it to work. On Bering, I just open FTP in shorewall
> and do not touch anything with the passive ports. I
> just do not know why it works. I think that is one of
> the features of iptables. But then do I need to set up
> the FTP server to use passive mode or not?

This is due to connection tracking with ftp support (2.4 kernel). A module
named ip_conntrack_ftp tracks the ftp connection as ESTABLISHED and treats the
ftp-data connection as RELATED. If you accept established and related, which is
normally the case, you don't have to open ports explicitly to allow active
ftp.
In any case, allowing connections from ftp server source port 20 (ftp-data)
should allow active ftp even on firewalls without connection tracking.

Regards
Alex
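To make the ESTABLISHED/RELATED behaviour concrete, here is a toy model of what ip_conntrack_ftp does: it watches the control channel for the client's PORT command and marks the server's later ftp-data connection from port 20 as RELATED. This is an added illustration, not kernel or Shorewall code; the class and function names, hosts, ports and the PORT command are constructed for the example, and it also contrasts the stateful policy with the source-port-20 fallback from the reply.

```python
import re

# Toy model of ip_conntrack_ftp (added illustration, not kernel code).
# Hosts, ports and the FTP commands below are constructed sample input.
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

class FtpConntrack:
    """Tracks FTP control flows and the data flows they announce via PORT."""
    def __init__(self):
        self.established = set()  # 4-tuples already seen (no confirm step here)
        self.expected = set()     # (server, 20, client, port) announced by PORT

    def classify(self, src, sport, dst, dport, payload=b""):
        """Return the state netfilter would assign: NEW, ESTABLISHED or RELATED."""
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if flow in self.established or reverse in self.established:
            m = PORT_RE.search(payload) if dport == 21 else None
            if m:  # client told the server where to connect for ftp-data
                h1, h2, h3, h4, p1, p2 = map(int, m.groups())
                self.expected.add((dst, 20, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))
            return "ESTABLISHED"
        if flow in self.expected:  # server opening the announced data channel
            self.expected.discard(flow)
            self.established.add(flow)
            return "RELATED"
        self.established.add(flow)
        return "NEW"

def stateful_accept(state, dport):
    """Shorewall-style policy: open ftp (21) plus ESTABLISHED,RELATED."""
    return dport == 21 or state in ("ESTABLISHED", "RELATED")

def stateless_accept(sport, dport):
    """Fallback without conntrack: control channel both ways plus source port 20."""
    return dport == 21 or sport == 21 or sport == 20

def trace():
    """Walk an active-mode session; returns (state, stateful_ok, stateless_ok) per packet."""
    ct, out = FtpConntrack(), []
    client, server = "10.0.0.5", "192.168.1.10"
    packets = [
        (client, 40001, server, 21, b"USER anonymous\r\n"),
        (server, 21, client, 40001, b"331 Please specify the password.\r\n"),
        (client, 40001, server, 21, b"PORT 10,0,0,5,156,66\r\n"),  # 156*256+66 = 40002
        (server, 20, client, 40002, b""),      # ftp-data SYN the client asked for
        (server, 20, client, 40002, b"data"),  # rest of the transfer
        (server, 20, client, 40003, b""),      # unsolicited SYN from port 20
    ]
    for src, sport, dst, dport, payload in packets:
        state = ct.classify(src, sport, dst, dport, payload)
        out.append((state, stateful_accept(state, dport), stateless_accept(sport, dport)))
    return out
```

The last packet shows the difference between the two approaches: the stateful policy only lets in the data connection the client actually announced, while the source-port-20 rule lets in any connection that claims that source port.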



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
