> I am wondering if it is possible to add support for non-standard FTP
> ports on the fly in kernel 2.4.21.
I don't think this is possible with the current IPTABLES code.
> The only way for me to connect to them is to change my
> firewall to rewrite active requests. As I already have transfers
> active, the masq modules are in use, and I therefore cannot unload
> them in order to reload them.
You can force the unload of the FTP MASQ module, but you'll break all of the existing connections (which sucks). Curious, why do you have so many people using non-standard ports?
> Ideally it would be nice if I didn't have to unload and load the
> modules at all, and therefore not break all the existing ftp
> connections.
>
> Is this possible / plausible?
Most commercial firewalls do that today. Looking at the /linux/net/ipv4/netfilter/ip_conntrack_ftp.c source code, I recommend emailing the Netfilter people and seeing if they would be willing to re-write this module code. The tricky part would be how to signal the module that it should re-read the /etc/rc.modules file for more non-standard ports w/o deleting the current connections. While you're at it, ask them for a mechanism to delete a given and/or all the MASQ connections in the state table. :-)
--David

.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware            [EMAIL PROTECTED] |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
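The reply above says the only option on a 2.4 kernel is to unload and reload the FTP helper, at the cost of every tracked FTP session. The script below is an added example, not code from the thread or from the netfilter project: it validates a port list, prints the reload commands, and counts how many FTP control sessions an operator would orphan by reloading now, so the reload can be scheduled for a quiet moment. It assumes the 2.4 `ip_conntrack_ftp` and `ip_nat_ftp` modules take a `ports=` parameter with at most 8 entries, and it parses text in the `/proc/net/ip_conntrack` line format; the conntrack lines embedded in `SAMPLE_CONNTRACK` are constructed for the example, not captured from a live box.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the 2.4 FTP helper
# modules accept "ports=a,b,c" (MAX_PORTS=8), and conntrack entries look
# like the constructed sample below.

# Validate a comma-separated port list and print the modprobe commands
# that would load both FTP helpers with it. Returns 1 on bad input
# (non-numeric, out of range, empty, or more than the 8 the module accepts).
ftp_helper_modprobe_cmds() {
    ports="$1"
    n=0
    old_ifs=$IFS; IFS=,
    for p in $ports; do
        case "$p" in
            ''|*[!0-9]*) IFS=$old_ifs; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then IFS=$old_ifs; return 1; fi
        n=$((n + 1))
    done
    IFS=$old_ifs
    [ "$n" -ge 1 ] && [ "$n" -le 8 ] || return 1
    printf 'modprobe ip_conntrack_ftp ports=%s\n' "$ports"
    printf 'modprobe ip_nat_ftp ports=%s\n' "$ports"
}

# Count ESTABLISHED TCP entries whose original-direction dport is one of the
# helper ports. These are the FTP control sessions whose future data
# connections would no longer be expected after an rmmod/modprobe of the
# helper. Reads /proc/net/ip_conntrack-format text on stdin, prints a count.
ftp_control_sessions() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, a, ","); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $1 == "tcp" && $4 == "ESTABLISHED" {
            # the first dport= field on the line is the original direction
            for (i = 5; i <= NF; i++)
                if ($i ~ /^dport=/) { split($i, kv, "="); if (kv[2] in want) c++; break }
        }
        END { print c + 0 }'
}

# Constructed sample of /proc/net/ip_conntrack output: two FTP control
# sessions (ports 21 and 2121), one HTTP session, one UDP DNS entry.
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=33001 dport=21 src=203.0.113.5 dst=198.51.100.2 sport=21 dport=33001 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.1.11 dst=203.0.113.6 sport=33002 dport=2121 src=203.0.113.6 dst=198.51.100.2 sport=2121 dport=33002 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.1.12 dst=203.0.113.7 sport=33003 dport=80 src=203.0.113.7 dst=198.51.100.2 sport=80 dport=33003 [ASSURED] use=1
udp      17 29 src=192.168.1.10 dst=203.0.113.53 sport=5353 dport=53 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=5353 use=1'

# Demo against the constructed sample (on a real 2.4 box you would feed
# "cat /proc/net/ip_conntrack" instead and run the printed commands as root
# after "rmmod ip_nat_ftp ip_conntrack_ftp").
PORTS=21,2121
echo "FTP control sessions that a reload would orphan: $(printf '%s\n' "$SAMPLE_CONNTRACK" | ftp_control_sessions "$PORTS")"
ftp_helper_modprobe_cmds "$PORTS"
```

The count is the operator's signal: when it reaches zero the helper can be reloaded with the new `ports=` list without cutting anyone off, which is the closest a 2.4 kernel gets to the "on the fly" change the original poster asked for.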
