From: "Michael Klinteberg" <micke@klintan.se>
To: netfilter@lists.netfilter.org
Subject: Re: ftp and ssl
Date: Wed, 5 Nov 2003 23:26:14 +0100
Message-ID: <002701c3a3eb$d31756b0$c800a8c0@klintan.cjb.net>
In-Reply-To: 33da01c3a34d$84fe6660$2288e7c0@promed.com.au


----- Original Message ----- 
From: "Stuart J. Browne" <stuart@promed.com.au>
To: <netfilter@lists.netfilter.org>
Sent: Wednesday, November 05, 2003 4:33 AM
Subject: RE: ftp and ssl


>
>
> >-----Original Message-----
> >From: netfilter-admin@lists.netfilter.org
> >[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Ted Kaczmarek
> >Sent: Wednesday, 5 November 2003 13:03
> >To: Michael Klinteberg
> >Cc: netfilter@lists.netfilter.org
> >Subject: Re: ftp and ssl
> >
> >
> >Allow tcp port 443 :-)
> >
> >Ted
> >On Tue, 2003-11-04 at 09:36, Michael Klinteberg wrote:
> >> I need to setup ftp that uses ssl. I don't know if ip_conntrack_ftp supports
> >> ssl. What are my options here?
> >> What do I need to know to setup the iptables rules/modules?
> >>
> >> Regards
> >> Michael
>
> Isn't 443 SSL over HTTP? :)
>
> By default, it looks as if netfilter only watches port 21, but you can
> pass it an option (called 'ports') of the ports you want to treat as FTP
> as well.
>
> How are you doing SSL FTP's?

WS_FTP Server.

>
> Using ssh's sftp? This just uses standard ssh ports.
>
> SSL FTP client (does anybody use this?) I believe has the
> services entry of 'sftp' and is port 115.  I've not seen a production
> implementation of this though
>
> If using 'sftp' from the OpenSSH packages, there is no need for any
> conntrack helpers, as it all uses the same port.
>
> If using the latter however, given that the channel will be encrypted, I
> don't see how this conntrack would work at all.
>
> just my thoughts..
>


A lot of responses here :-) Still don't know what to do?
I could however set up rules that allow everything from the ftp client (me)
to the ftp server and then run tcpdump and see what's going on. Is this a
good approach?

/Michael K
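
Added example, not part of the original message and not netfilter's own code: a simplified Python model of an FTP connection-tracking helper, showing why it learns the data port from a cleartext control channel but learns nothing once the channel is encrypted, as the quoted reply suspects. The function names, addresses and session bytes are constructed for illustration.

```python
import re

# Simplified model of an FTP conntrack helper: it reads the cleartext
# control channel and extracts the address/port announced for the data
# connection. Illustration only, not the kernel's ip_conntrack_ftp code.
_ADDR = rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PATTERNS = (
    re.compile(rb"^PORT " + _ADDR + rb"\r?$", re.M),         # active mode (client)
    re.compile(rb"^227 [^\r\n]*\(" + _ADDR + rb"\)", re.M),  # passive mode (server)
)


def expected_data_endpoint(payload: bytes):
    """Return (ip, port) announced in one control-channel segment, or None."""
    for pattern in _PATTERNS:
        m = pattern.search(payload)
        if not m:
            continue
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            return None  # malformed announcement: do not trust it
        ip = ".".join(str(f) for f in fields[:4])
        return ip, fields[4] * 256 + fields[5]
    return None


def expectations(segments):
    """Collect every data endpoint the helper could learn from a session."""
    return [ep for ep in map(expected_data_endpoint, segments) if ep]


# Constructed sample sessions (documentation addresses, made-up bytes).
PLAIN_SESSION = [
    b"PASV\r\n",
    b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n",
]
TLS_SESSION = [
    b"AUTH TLS\r\n",
    b"234 AUTH TLS successful\r\n",
    # After the handshake the same 227 reply travels inside a TLS record;
    # these opaque bytes stand in for the ciphertext the firewall sees.
    b"\x17\x03\x01\x00\x20" + bytes(range(0x80, 0xA0)),
]

if __name__ == "__main__":
    print("cleartext FTP:", expectations(PLAIN_SESSION))
    print("FTP over TLS :", expectations(TLS_SESSION))
```

With no endpoint learned, the helper cannot mark the data connection as related to the control connection, so a rule set that depends on the helper will not pass it.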


