FTP (21) data through Firewall (ipchains)

Martijn van Oosterhout kleptog at svana.org
Sun Aug 12 18:18:01 EST 2001

On Sun, Aug 12, 2001 at 03:04:16PM +1000, Steven Hanley wrote:
> On Sun, Aug 12, 2001 at 11:33:04AM +1000, Neil Pickford wrote:
> > I am trying to give internal machines access to FTP (off the web)
> > via the masquerade.  At the moment I am blocking incoming internet 
> > ftp requests.
> by off the web do you mean when netscape or similar are presented with an ftp
> URI?
> AFAIK netscape always uses passive ftp by default anyway.

For the record, so do proxies generally. On the whole passive FTP is much
more firewall friendly, since incoming connections are usually much more
strictly firewalled than outgoing connections.

Martijn van Oosterhout <kleptog at svana.org>
> It would be nice if someone came up with a certification system that
> actually separated those who can barely regurgitate what they crammed over
> the last few weeks from those who command secret ninja networking powers.

More information about the linux mailing list