TCLUG Archive

Re: [TCLUG:6207] ipchains and RH 6.0



Quoting Bob Tanner (tanner@real-time.com):
> Well, I thought I should make the move to ipchains, since I am now running RH
> 6.0. But I have run into a snag.
> 
> With ipchains I am unable to figure how to do ftp.
> 
> I am not masquerading, just blocking. My workstation has a valid IP address, I
> am just working on the input chain.
> 
> After I make an outgoing ftp connection, the ftp server is going to respond
> back to me with the ftp-data part, but when I hit my favorite ftp sites,
> ipchains is reporting:
> 
> May 29 05:04:41 mordent kernel: Packet log: lockdown DENY eth0 PROTO=6
> 206.10.252.12:4697 206.145.104.172:3248 L=44 S=0x00 I=61415 F=0x0000 T=61
> 
> This is me typing dir after I have successfully logged into the ftp server. It
> looks like the server is sending back the ftp-data connection on some
> random(?) port.
> 
> How do I associate this connection with my initial ftp request?

It is just ncftp which does not work. I believe this is because ncftp used
passive ftp.

Under a typical ftp session, the client connects to the server on port 21 and
the server turns around and opens port 20 back to the client. I believe
passive ftp is where the client does all the work. So, how does one ipchain
passive ftp?


-- 
Bob Tanner <tanner@real-time.com>       | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9
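
Added example, not part of the original message: a small Python parser for the ipchains "Packet log:" line quoted above, which labels an inbound TCP packet by the FTP role its port pair fits. The function names and labels are hypothetical, and the sample is the post's log line with its two wrapped lines joined.

```python
import re

# Constructed sample: the log line from the post, wrapped lines joined.
SAMPLE = ("May 29 05:04:41 mordent kernel: Packet log: lockdown DENY eth0 PROTO=6 "
          "206.10.252.12:4697 206.145.104.172:3248 L=44 S=0x00 I=61415 F=0x0000 T=61")

# chain, action, interface, protocol, src:port, dst:port, then
# L=length S=TOS I=IP id F=fragment field T=TTL
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ip_id", "ttl")


def parse_packet_log(line):
    """Return the fields of one 'Packet log:' line as a dict, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    return rec


def classify_ftp_inbound(rec):
    """Label a packet seen on the client's input chain by its port pair."""
    if rec is None:
        return "unparsed"
    if rec["proto"] != 6:
        return "not-tcp"
    sport, dport = rec["sport"], rec["dport"]
    if sport == 21 and dport >= 1024:
        return "control-reply"            # server port 21 answering the client
    if sport == 20 and dport >= 1024:
        return "active-data"              # server opens ftp-data from port 20
    if sport >= 1024 and dport >= 1024:
        # Port pair fits a passive-mode reply; other traffic can look the same.
        return "passive-data-reply-candidate"
    return "other"


if __name__ == "__main__":
    rec = parse_packet_log(SAMPLE)
    print(rec["chain"], rec["action"], rec["sport"], rec["dport"],
          classify_ftp_inbound(rec))
```

The label only says which FTP mode the port pair is consistent with; a stateless filter such as ipchains has no record tying the packet to the control connection.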