Group: comp.os.linux.networking
From: Pascal Hambourg
Date: Wednesday, March 12, 2008 8:55 AM
Subject: Re: iptables ftp conntrack using port != 21

Hello,

Eric wrote:
>
> I want to run the ftp server of my linux box on a non-standard port
> (say, 20 for data but 666 for handshake). The problem is that
> obviously the connection tracking module in iptables only works with
> ports 20/21.

AFAIK port 20 is not involved in FTP connection tracking as it does not
appear in port/passive commands.

> If I check my logs I see that the client's LIST command
> is recognized as a NEW connection if my ftp server is set to use port
> 666.
> Is this a fact or am I just missing some setting?

Hint: modinfo ip_conntrack_ftp (or nf_conntrack_ftp on recent kernels)

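What the modinfo hint points at, worked through as an added example (not code from either poster): the FTP helper's `ports` module parameter registers a helper per control port (named `ftp` for 21, `ftp-<port>` otherwise), and on current kernels that helper has to be attached to the control port explicitly with the CT target rather than being picked up automatically. Port 666 and the modinfo text are constructed; the host is assumed to run iptables with the CT target available.

```shell
#!/bin/sh
# Added example: track FTP control traffic on a non-standard port with
# nf_conntrack_ftp (ip_conntrack_ftp on old kernels). Port 666 is constructed.

# modprobe option line. The `ports` parameter shown by `modinfo` lists the
# control ports the helper registers for; it must include the port you use.
ftp_modprobe_options() {
    # $1: comma-separated control ports, e.g. "21,666"
    printf 'options nf_conntrack_ftp ports=%s\n' "$1"
}

# Name under which the kernel registers the helper for a control port:
# "ftp" for the default port 21, "ftp-<port>" for any other port.
ftp_helper_name() {
    if [ "$1" -eq 21 ]; then
        printf 'ftp\n'
    else
        printf 'ftp-%s\n' "$1"
    fi
}

# Explicit helper assignment. Current kernels do not attach helpers
# automatically, so bind the helper only to the FTP control port (keeps the
# parser off unrelated traffic) and accept the data connections it expects
# as RELATED instead of opening port ranges.
ftp_iptables_rules() {
    port=$1
    helper=$(ftp_helper_name "$port")
    cat <<EOF
iptables -t raw -A PREROUTING -p tcp --dport $port -j CT --helper $helper
iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Confirm the helper actually exposes `ports` before relying on it.
ftp_helper_has_ports_parm() {
    # $1: text of `modinfo nf_conntrack_ftp` (pass a captured copy)
    printf '%s\n' "$1" | grep -q '^parm:[[:space:]]*ports:'
}
```

Run `ftp_iptables_rules 666` to print the rules for review before applying them, and keep the `ftp_modprobe_options` line in `/etc/modprobe.d/` so the helper name exists after a reboot.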