[Shorewall-users] my problem with runing a passive FTP server
teastep at shorewall.net
Tue Jun 17 23:52:22 PDT 2003
On Tue, 2003-06-17 at 07:02, Tom Eastep wrote:
> I told you the first time and I'll tell you only once more -- DO NOT
> SPECIFY A MASQUERADE IP ADDRESS TO YOUR FTP SERVER.
I apologize if it wasn't you that I made this point to recently.
FTP servers permit specifying the external IP address of the firewall to
compensate for broken/stupid firewall's that don't handle FTP as well as
Netfilter does. With Netfilter, using this FTP server facility actually
breaks the firewall's handling of FTP.
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-users