- 09-07-2009 #1 Just Joined!
- Join Date
- Sep 2009
- Location
- Raleigh
- Posts
- 5
Why is ip_conntrack_ftp needed?
I looked into the rule set for enabling/handling FTP connections through Linux firewalls. I did not find any new addition to the syntax for FTP than that of ip_conntrack.
For example, for setting an active FTP connection, we use
iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
My doubt is why we need a separate FTP conntrack module when we can write this syntax using the conntrack module itself.
Thanks
Balaji
- 09-08-2009 #2
Not sure I totally understand your question. The FTP is needed as you are switching ports when transferring data, unlike other connections that will use the same ports during a single connection. Thus you are allowing the client to switch ports without having to re-authenticate, which you would not want to happen at any other time.
- 09-08-2009 #3 Just Joined!
- Join Date
- Sep 2009
- Location
- Raleigh
- Posts
- 5
Sorry for the ambiguity of my question.
What I wanted to know is why we need to load a separate module for FTP and why we can't embed the functions in ip_conntrack itself. I want to know what the code in the module ip_conntrack_ftp does. Can anybody please give me a link to the latest release of the ip_conntrack and ip_conntrack_ftp modules?
Thanks
Balaji
- 09-08-2009 #4 Linux Guru
- Join Date
- Nov 2007
- Posts
- 1,695
Google: iptables linux
The netfilter.org "iptables" project
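
An added example (not part of the thread and not the kernel module's source) of the job an FTP connection-tracking helper does: read the control channel, pull the address and port out of a PORT command or a 227 passive reply, and record the data connection to expect so that it can match as RELATED. The names ftp_expect and ftp_inspect, the sender-address check and the sample lines are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Data connection the firewall should expect (struct name is illustrative). */
struct ftp_expect { uint8_t ip[4]; uint16_t port; };

/* Parse "h1,h2,h3,h4,p1,p2"; port = p1*256 + p2. Returns 0 on success. */
static int parse_tuple(const char *s, struct ftp_expect *e)
{
    unsigned v[6];
    if (sscanf(s, "%u,%u,%u,%u,%u,%u", &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]) != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;
    for (int i = 0; i < 4; i++)
        e->ip[i] = (uint8_t)v[i];
    e->port = (uint16_t)(v[4] * 256 + v[5]);
    return 0;
}

/* Inspect one control-channel line sent by `sender`.
 * Returns 1 for PORT (active), 2 for a 227 reply (passive), 0 if the line
 * announces nothing, -1 if malformed or if the advertised address is not the
 * sender's own (refusing to open a pinhole toward a third host). */
int ftp_inspect(const char *line, const uint8_t sender[4], struct ftp_expect *e)
{
    const char *p;
    int kind;
    if (strncmp(line, "PORT ", 5) == 0) { p = line + 5; kind = 1; }
    else if (strncmp(line, "227 ", 4) == 0) {
        p = strchr(line, '(');
        if (!p) return -1;
        p++; kind = 2;
    } else return 0;
    if (parse_tuple(p, e) != 0 || memcmp(e->ip, sender, 4) != 0)
        return -1;
    return kind;
}

int main(void)
{
    /* Constructed sample: client 192.168.1.10 announces port 19*256+137 = 5001. */
    const uint8_t client[4] = {192, 168, 1, 10};
    struct ftp_expect e;
    if (ftp_inspect("PORT 192,168,1,10,19,137\r\n", client, &e) == 1)
        printf("expect data connection to %d.%d.%d.%d:%d\n", e.ip[0], e.ip[1], e.ip[2], e.ip[3], e.port);
    return 0;
}
```

The port is negotiated inside the TCP payload, so a rule that matches only on ports and connection state has no way to learn it; in passive mode the data connection does not involve port 20 at all.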


