Hello:

Sundari KuSumam wrote,
> What is the difference between passive and active mode?

Here is a cut and paste from the Netfilter mailing list:

<snip>
Diff b/w Active and Passive FTP:

The differences between active and passive FTP are as follows:

ACTIVE : Client connects to server from unprivileged port ( 1024-65535 )
to the ftp command port ( 21 ).  Then when you type "ls" or "get ..."
the server connects from ftp data port ( 20 ) to the client on an
unprivileged port.

PASSIVE : Client connects to server from unprivileged port ( 1024-65535 )
to the ftp command port ( 21 ).  Then when you type "ls" or "get ..."
THE DIFFERENCE ==> the client connects from an unprivileged port to the
server on an unprivileged port.

So, in active mode, the server opens the data socket, and in passive mode
the client opens the data socket.

Second, passive or active ftp is not a matter of rules in your firewall,
but a matter of state in your ftp client.
</snip> 
 
> Also, a related query: I want to limit access to certain services such
> as Yahoo Messenger to one or two machines. What is the best way?

1) Find out what ports are used by Yahoo messenger (TCP port 5050 IIRC)

2) Make sure the conntrack kernel modules are loaded

3) Enable masquerade for the hosts that you want to provide Yahoo
messenger access and _only_ for the Yahoo ports

$IPT -t nat -A POSTROUTING -p tcp -s $MY_HOST --dport 5050 -j MASQUERADE

(you will need more rules if your default FORWARD and PREROUTING policy
is to DROP)

4) Do the same for all other hosts that you want to provide selective
access.

OR

Yahoo supports HTTP(S?). Configure your Yahoo client to use your http
proxy (you have one right?) and use the HTTP transport instead of tcp
port 5050.

-- Shanu

-- 
Han Solo:
        I think my eyes are getting better. Instead of a big
        dark blur I see a big light blur.
Luke Skywalker:
        There's nothing to see. I used to live here you know.
Han Solo:
        You're gonna die here you know. Convenient.
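
Steps 1-4 above as a dry-run script, added here as an example and not part of the original mail. The host addresses are constructed, the two FORWARD rules are one assumed way to write the "more rules" needed under a DROP policy, and IPT defaults to "echo iptables" so nothing is applied unless you set IPT=iptables as root.

```shell
#!/bin/sh
# Added example: prints the rules by default (IPT falls back to "echo iptables").
IPT="${IPT:-echo iptables}"
IM_PORT=5050                                # TCP port named in the mail
ALLOWED_HOSTS="192.168.1.10 192.168.1.11"   # constructed sample addresses

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
# Rejecting anything else keeps stray text out of the rule arguments.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit the rules for one host: masquerade only the IM port (step 3), plus a
# FORWARD pair for when the FORWARD policy is DROP. Outbound may open new
# connections; inbound is limited to replies tracked by conntrack (step 2).
allow_im_host() {
    host=$1
    if ! is_ipv4 "$host"; then
        echo "skipping invalid address: $host" >&2
        return 1
    fi
    $IPT -t nat -A POSTROUTING -p tcp -s "$host" --dport "$IM_PORT" -j MASQUERADE
    $IPT -A FORWARD -p tcp -s "$host" --dport "$IM_PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -p tcp -d "$host" --sport "$IM_PORT" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Step 4: repeat for every host that gets selective access.
for h in $ALLOWED_HOSTS; do
    allow_im_host "$h"
done
```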

_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help