John Mullan wrote:
Thanks Tom, I will double check the listening address. It may have gotten
changed somehow.

I'm not sure about your reference to 'odd requirement'. Do you mean
choosing port 1021?

My only intention is, that if external clients make an FTP request using
default port of 21 that they get routed to 1021 on the appropriate machine.
Saves me explaining to friends to use 1021. Would it be more appropriate
to use a REDIRECT instead of DNAT??

John
=======================================
Work: http://www.olgclotteries.com
[EMAIL PROTECTED]
888-345-7568 ext. 2205

Personal: http://www.mullan.ca
[EMAIL PROTECTED]
MSN: [EMAIL PROTECTED]
=======================================



Tom Eastep <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
14-02-03 10:04 AM

To: John Mullan <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] SSH question



John Mullan wrote:

Yes, they are intentional.  I want to keep the FTP server on port 1021.
If anyone comes in from outside without specifying port 1021, they will
still get to my FTP server.  That leaves me the future opportunity to have
another FTP server on 21 but only accessible from internal.

At least, that is the way I figure it.

This is the rule that you posted:

DNAT net loc:192.168.1.128 tcp 21 1021

That rule says to DNAT tcp connection requests from the net to 192.168.1.128 if the destination port is 21 AND THE SOURCE PORT IS 1021.

If you wanted to accept either 21 or 1021 then the rule would have been:

DNAT net loc:192.168.1.128 tcp 21,1021

And of course you must tell ip_conntrack_ftp and ip_nat_ftp to consider 1021 to be an ftp port.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
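
Added example, not part of Tom's message and not Shorewall code: a small reader for rules-file lines that shows how each column is interpreted, using the two rules quoted in the thread. It assumes the column order ACTION SOURCE DEST PROTO DEST-PORT(S) SOURCE-PORT(S); the third sample rule, which uses Shorewall's zone:address:port destination form to rewrite the port, is constructed here and goes beyond what the thread shows.

```python
# Added example: reads Shorewall rules-file lines column by column.
# Column order assumed: ACTION SOURCE DEST PROTO DEST-PORT(S) SOURCE-PORT(S).
COLUMNS = ("action", "source", "dest", "proto", "dest_ports", "source_ports")


def parse_rule(line):
    """Split one rule into named columns; '-' or a missing column means 'any'."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 3:
        raise ValueError(f"need at least ACTION SOURCE DEST: {line!r}")
    rule = dict.fromkeys(COLUMNS, "-")
    rule.update(zip(COLUMNS, fields))
    # DEST is zone[:address[:port]]; a trailing port rewrites the destination port.
    zone, _, rest = rule["dest"].partition(":")
    address, _, new_port = rest.partition(":")
    rule.update(zone=zone, address=address or None, new_port=new_port or None)
    for col in ("dest_ports", "source_ports"):
        rule[col] = [] if rule[col] == "-" else rule[col].split(",")
    return rule


def explain(line):
    """Return a one-line reading of what the rule matches and where it goes."""
    r = parse_rule(line)
    dports = ",".join(r["dest_ports"]) or "any"
    sports = ",".join(r["source_ports"]) or "any"
    target = r["address"] or r["zone"]
    delivered = r["new_port"] or "unchanged"
    return (f"{r['action']} {r['proto']} from {r['source']}: dest port {dports}, "
            f"source port {sports} -> {target}, port {delivered}")


def review(line):
    """Flag a populated SOURCE PORT(S) column, the misreading in the thread."""
    r = parse_rule(line)
    if r["source_ports"]:
        return [f"matches only clients whose source port is "
                f"{','.join(r['source_ports'])}; it does not forward to that port"]
    return []


# First two rules are quoted from the thread; the third is constructed here.
SAMPLES = [
    "DNAT net loc:192.168.1.128 tcp 21 1021",
    "DNAT net loc:192.168.1.128 tcp 21,1021",
    "DNAT net loc:192.168.1.128:1021 tcp 21",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(explain(s), review(s))
```
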



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html