26 Jan
2009
26 Jan
'09
5:52 p.m.
On Mon, Jan 26, 2009 at 06:48:15PM +0100, happymaster23 wrote:
Thank you,
I will check it. But - is this only possible solution?
SFTP I am using only for administration purposes (yeah, it is quite easy to set it up :-D) and it´s better for me, to make FTPS for customers and SFTP only for me.
I don't know that that ip_conntrack_ftp would work with TLS encrypted FTP[1]. It wouldn't be able to "peer" into the FTP stream to determine the appropriate data ports to open on the firewall.
Your best bet would be to configure ProFTPD to use a predefined range of passive FTP ports and then just ensure those are opened via iptables.
Ray
[1] There are options here such as only encrypting the authentication portion of the connection or CCC, etc...