[ale] Linux 2.2.19 IPCHAINS Firewall + FTP woes
Dow Hurst
dhurst at kennesaw.edu
Thu Jul 24 19:31:34 EDT 2003
Switch to scp. Don't use ftp to connect to a machine inside your
firewall from the Internet. You need a DMZ or exposed server to provide
ftp services.
Dow
Nathan J. Underwood wrote:
>An associate has a linux firewall running RH Linux (kernel 2.2.19), ipchains
>1.3.9 to protect a small firm (~5 users). This has worked well in the past, but
>now he needs to put a FTP server behind it (currently has webserver, and mail
>server behind it). It's been a very long time since I've worked with the 2.2.x
>kernel, and an ipchains firewall for that matter, but I definately remember
>losing some hair over trying to get FTP to work from behind it. We can get to
>the box, and log into the FTP server, but we are unable to get a directory
>listing. I have verified that ip_masq_ftp is loaded, but lsmod reports that
>it's unused (see below). Any ideas? What am I missing? Many thanks
>
>
>lsmod
>Module Size Used by
>ip_masq_ftp 3740 0 (unused)
>ip_masq_portfw 2656 48
>
>
>
>
--
__________________________________________________________
Dow Hurst Office: 770-499-3428
Systems Support Specialist Fax: 770-423-6744
1000 Chastain Rd. Bldg. 12
Chemistry Department SC428 Email: dhurst at kennesaw.edu
Kennesaw State University Dow.Hurst at mindspring.com
Kennesaw, GA 30144
*****************************************************************
This message (including any attachments) contains confidential *
information intended for a specific individual and purpose, *
and is protected by law. If you are not the intended recipient,*
you should delete this message and are hereby notified that *
any disclosure, copying, or distribution of this message, or *
the taking of any action based on it, is strictly prohibited. *
*****************************************************************
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list