[Zope] FTP and firewall
Fred Yankowski
fred at ontosys.com
Mon Feb 23 11:13:16 EST 2004
On Sun, Feb 22, 2004 at 10:05:22AM -0800, Robert Jean wrote:
> The problem is, I suspect as per the FTP protocol, the
> client decides the local socket of the data channel
> (not very good for firewall support). However, I have
> been successful with other standard FTP servers using
> similar treatment. Is there a resolution to this
> issue?

You may have to tell the firewall that port 8021 (or whatever you've
configured as the Zope FTP port) carries FTP traffic, so that it can
do the necessary magic to track FTP connections and dynamically allow
data connections established from an FTP control connection. For
iptables on Linux this can be done like this (on the FTP server):

    modprobe ip_conntrack_ftp ports=21,8021

That tells the FTP connection tracking module to watch both port 21
(the default) and 8021 (the Zope FTP port). The Cisco router/firewall
may have a corresponding incantation.
--
Fred Yankowski fred at ontosys.com tel: +1.630.879.1312
OntoSys, Inc PGP keyID: 7B449345 fax: +1.630.879.1370
www.ontosys.com 38W242 Deerpath Rd, Batavia, IL 60510-9461, USA
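
Added example, not part of the original post and not the iptables module's own code: a Python model of what an FTP connection-tracking helper reads from the control channel, showing why a control connection to port 8021 yields no expected data connections unless that port is registered with the helper. The function names, the `helper_ports` parameter and the sample lines are assumptions made for this illustration.

```python
import re

# Six comma-separated numbers h1,h2,h3,h4,p1,p2, as carried by both the
# PORT command (RFC 959) and the 227 reply to PASV.
_HOSTPORT = re.compile(
    r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def parse_hostport(line):
    """Return (ip, port) announced in a PORT command or 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = _HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid octet or port byte
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2
    return ip, port


def expected_data_endpoints(control_port, lines, helper_ports=(21,)):
    """Model of a tracking helper (hypothetical API): only control connections
    to a port listed in helper_ports are inspected, so only those produce
    data endpoints the firewall can allow dynamically."""
    if control_port not in helper_ports:
        return []
    found = []
    for line in lines:
        endpoint = parse_hostport(line)
        if endpoint is not None:
            found.append(endpoint)
    return found


# Constructed control-channel lines (documentation addresses, not real hosts).
SAMPLE = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",                           # active mode, from client
    "227 Entering Passive Mode (198,51,100,5,31,144)",  # passive mode, from server
]

if __name__ == "__main__":
    print(expected_data_endpoints(8021, SAMPLE))              # helper on 21 only
    print(expected_data_endpoints(8021, SAMPLE, (21, 8021)))  # like ports=21,8021
```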