Displaying 20 results from an estimated 3000 matches similar to: "Weird DNAT + passive FTP bug"
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
-------- Original Message --------
Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP)
Date: Fri, 05 Oct 2007 12:17:42 +0530
From: Mohan Sundaram <smohan@vsnl.com>
Reply-To: smohan@vsnl.com
To: Indunil Jayasooriya <indunil75@gmail.com>
References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com>
Indunil Jayasooriya wrote:
> Hi all,
>
> I want to run
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
Grant Taylor wrote:
> I'll have to double check some things to make sure that you don't need
> to do any thing special other than just allow the initial connection and
> rely on the FTP connection tracking helper to handle all other connections.
>
> I've never run an FTP server behind a NAT, but I've never had a problem
> with the FTP
2007 Oct 05
3
DNAT rule for vsftp --(PASSIVE FTP)
Hi all,
I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as
passive ftp.
The theory behind passive ftp is:
- FTP server's port 21 from anywhere ( Client initiates connection)
- FTP server's port 21 to ports > 1024 (Server responds to client's
control port)
- FTP server's ports > 1024 from anywhere (Client initiates data
connection to
2007 Oct 05
3
DNAT rule for vsftp (PASSIVE FTP)
Hi all,
I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as
passive ftp.
The theory behind passive ftp is:
- FTP server's port 21 from anywhere (Client initiates connection)
- FTP server's port 21 to ports > 1024 (Server responds to client's
control port)
- FTP server's ports > 1024 from anywhere (Client initiates data
2012 Aug 20
0
Shorewall 4.5.7
The Shorewall team is pleased to announce the availability of Shorewall
4.5.7.
----------------------------------------------------------------------------
I.  P R O B L E M S   C O R R E C T E D   I N   T H I S   R E L E A S E
----------------------------------------------------------------------------
1) This release includes the defect repair from Shorewall 4.5.6.2.
2) The command
2008 Mar 30
7
FTP DNAT not working - "Server sent passive reply with unroutable address"
Hi all!
I am a long time lurker, but have not posted until now.
My old trusted firewall machine broke a couple of weeks ago and I replaced it
with a XEN domU that is using DNAT and has two interfaces. The firewall domU and
the FTP server domU are both guests on the same dom0. All three machines are
running Debian/etch (stable) and Shorewall has version 3.2.6.
I can't get FTP to work
2017 Apr 15
0
connection state tracking with DNS [was Primary DNS...]
On 04/11/2017 04:16 PM, Alice Wonder wrote:
> Hi, I would like to see this addressed.
> Is there a firewalld solution to this issue?
Yes:
# Disable connection tracking for UDP DNS traffic
# https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
firewall-cmd
2006 Aug 31
0
[Xense-devel] [RFC][PATCH][ACM] enforcing ACM policy on network traffic between virtual network interfaces
This patch adds an ACM hook into the network scripts (/etc/xen/scripts).
It adds iptables rules that enforce mandatory access control on network
packets exchanged between virtual interfaces. If ACM is active, this
patch sets the default FORWARD policy in Dom0 to DROP and adds iptables
ACCEPT rules between vifs that belong to domains that are permitted to
share (determined by using the
2013 Dec 24
3
[Bug 882] New: The conntrack-tools archive contains some leftovers from a patch run
https://bugzilla.netfilter.org/show_bug.cgi?id=882
Summary: The conntrack-tools archive contains some leftovers
from a patch run
Product: conntrack-tools
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: trivial
Priority: P5
Component: conntrack-daemon
2006 Oct 06
0
Port forwarding from non-xenbridged external interface to xen-interface
Hello everybody,
I have an odd problem with iptables using a Xen bridge setup. I don't know if
it would be better to post to netfilter Mailing-List. But I hope someone here
knows how to solve it. If it's OT here, please let me know. I'll try to do a
little bit ASCII-Graphics to explain the topo better:
_________ ________
2009 Feb 12
2
[LLVMdev] Eliminate PHI for non-copyable registers
Chris Lattner-2 wrote:
>
>
> On Feb 11, 2009, at 4:07 AM, Alex wrote:
>
>> In my hardware there are two special registers that cannot be copied but
>> can only be assigned and referenced (read) in the other instruction.
>> They are allocatable also.
>>
>> br i1 %if_cond, label %then, label %else
>> then:
>> %x1 = fptosi float %y1 to i32
2005 Jun 20
0
routing for multiple uplinks + DNAT (LVS in my case)
Hi.
Contents:
1) Introduction
2) 2 Questions
* Introduction:
I used this HOWTO to use multiple providers.
http://lartc.org/howto/lartc.rpdb.multiple-links.html
The box is a load balancer, using the Linux Virtual Server.
We have a problem with lost connections, and it seems you
get issues when you combine this setup with DNAT [1].
The proposed solution [1] is to use these rules to mark
2020 Apr 01
0
[ANNOUNCE] conntrack-tools 1.4.6
Hi!
The Netfilter project proudly presents:
conntrack-tools 1.4.6
The conntrack-tools are a set of tools targeted at system
administrators. They are conntrack, the userspace command line
interface, and conntrackd, the userspace daemon. The tool conntrack
provides a full featured interface that is intended to replace the old
/proc/net/ip_conntrack interface. Using conntrack, you can view
2016 May 12
2
[Bug 1065] New: NOTRACK is not supported in nft
https://bugzilla.netfilter.org/show_bug.cgi?id=1065
Bug ID: 1065
Summary: NOTRACK is not supported in nft
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
2005 Jan 03
1
Unable to do passive ftp after updating to 2.0.9
Hi,
I'm using the same set of firewall rules of 2.0.x
(sorry, I can't remember the exact minor version) and
put it to work with 2.0.9. And now I can't do passive
ftp (was working before).
I see that my NEWNOTSYN is set to Yes, and the
loc->net rule is blocking 1024:65535.
But I believe with the ip_conntrack_ftp, the passive
mode would be allowed, since
2007 Jan 08
3
How can I do traffic shapping for passive ftp ?
Hello
I've set up a bridge with iptables + layer + ipp2p + tc
I don't know how to shape passive ftp.
If I put rules on port 20, 21 or using layer 7, iptables accounting is
still empty ...
When I did a tcpdump I could see that ports other than 20 or 21 are used ...
Any ideas of how I can achieve this?
Regards
2004 Nov 21
0
script to shape outbound passive/active ftp traffic
Hi,
I just wanted to share my script with the list. I have been trying to
shape outbound passive and active ftp traffic without affecting inbound
and lan transfers. I have tried to do this for a long time and it seems
that I have finally figured it out.
Feel free to comment on the below script if there is anything that can
be improved. It seems to work flawlessly so far.
#!/bin/bash
2004 Jul 29
0
limiting outbound passive ftp
Hi,
I am trying to use the following script to limit my passive ftp traffic
to 35KBytes.
Problem is, it kills the entire connection on that computer. The
script is running on the same machine as the ftp server. I was hoping
to limit the ftp traffic, and only the ftp traffic, leaving the computer.
It seems to limit everything, I tried transferring a file with samba and
the whole
2004 Aug 05
1
marking passive ftp and shaping
I am trying to mark outbound passive ftp traffic with iptables and shape
it to 35KBytes. I am using the following script on the computer that
runs the ftp server.
It is not working correctly, it seems to limit ALL traffic. Can't file
share or anything.
Anyone might know what is wrong?
#!/bin/bash
#shaping passive ftp traffic
# mark the outbound passive ftp packets on ports 50000-51000
2007 Jun 06
0
Controlling FTP in Passive Mode
I am trying to control traffic in my server and a doubt came over
me... My ftp server is set up in passive mode, so it will randomly
choose a port to transfer data (in my case ports 50000-50100)... Is there a
way of controlling this ftp traffic without marking packets?
Thanks!
Bye...
msn: fredi_bieging@hotmail.com
skype: fredibieging
A mathematician is a machine for converting coffee into