  1. #1
    Just Joined!
    Join Date
    Jan 2004
    Location
    Russian Federation, Kaliningrad
    Posts
    6

    external passive ftp server and FORWARD chain


    Hi All,

    Can anyone tell me what range of ports I have to open in the
    FORWARD chain to allow users from my LAN to access any external
    FTP servers running in passive mode?

    Right now users from the LAN can only connect to FTP servers which are not running
    passive mode.

    thanks

    Updated:
    I have just figured out that range begins from 1024 :\ port number.
    But I don't want to open all ports greater than 1024.
    What more can I do?

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    There's nothing you can do, except writing a kernel module that scans all FTP control channels and opens ports dynamically.

    The thing is that all ports above 1024 should always be open, since they are supposed to be "custom" ports.

  3. #3
    Just Joined!
    Join Date
    Jan 2004
    Location
    Russian Federation, Kaliningrad
    Posts
    6
    Thanks for the reply.

    Then I have another question: if I open all ports greater than 1024,
    how can I filter output packets going from my LAN to, for example,
    eDonkey or ICQ?

    What is the best way to do this kind of thing?
    Should I filter packets by fragments?

  4. #4
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    One way is to filter away those specific ports. AFAIK, ICQ uses port 5190. I don't know what eDonkey uses, though. I think that's the best way to do it. The only other way I can think of is to create a new kernel module that uses some heuristic that tries to recognize those protocols.

  5. #5
    Just Joined!
    Join Date
    Jan 2004
    Location
    Russian Federation, Kaliningrad
    Posts
    6
    Thank you for your reply!

    I've also found port numbers which eDonkey uses.
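
Reply #2 describes scanning FTP control channels and opening data ports dynamically. The following added example (not from the thread) shows that idea in userspace Python: it parses the server's 227 (PASV) and 229 (EPSV) replies and derives one narrow FORWARD rule per announced data port. The function names, the sample addresses and the policy of refusing ports below 1024 or a data address other than the control-channel server are assumptions of this example.

```python
import re

# 227 reply (RFC 959): "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
# 229 reply (RFC 2428): "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def passive_endpoint(reply_line, server_ip):
    """Return the (ip, port) announced by a 227/229 reply, or None."""
    line = reply_line.strip()
    m = PASV_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None
        ip = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]
        # Example policy (assumption): the data address must be the server
        # the control channel talks to, and the port must be unprivileged.
        if ip != server_ip or port < 1024:
            return None
        return ip, port
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(2))
        # EPSV carries no address; the data host is the control-channel peer.
        if 1024 <= port <= 65535:
            return server_ip, port
    return None


def forward_rules(client_ip, server_ip, server_lines):
    """Build one narrow FORWARD rule per data port the server announced."""
    rules = []
    for line in server_lines:
        ep = passive_endpoint(line, server_ip)
        if ep:
            rules.append("iptables -A FORWARD -p tcp -s %s -d %s --dport %d -j ACCEPT"
                         % (client_ip, ep[0], ep[1]))
    return rules


# Constructed sample of server replies seen on one control channel.
CONSTRUCTED_REPLIES = [
    "220 FTP server ready",
    "227 Entering Passive Mode (198,51,100,7,195,80)",   # 195*256+80 = 50000
    "227 Entering Passive Mode (203,0,113,9,195,80)",    # other host: refused
    "229 Entering Extended Passive Mode (|||50001|)",
]
```

On Linux, netfilter's FTP connection-tracking helper (nf_conntrack_ftp) performs this tracking in the kernel, so the resulting data connections can be accepted as RELATED instead of opening every port above 1024.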
