I know this is a bit related to the discussion that has been going on lately on this list, but it has a small twist that I think may change the solution. Here's a diagram of my network:

    *world* <-- linux router <-- ftp server

What I have set up is a port forward in the inetd of the linux router as such:

    ftpforward stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/redir --inetd --syslog --name=redir ftpserver 21

and in the /etc/services:

    ftpforward 11873/tcp

What I wanted to design was a way I could limit the incoming traffic to only those hosts that I know of. I am using tcpwrappers to do this, and this works fine. Here is a log of what happens when someone connects:

    Jun 9 20:19:32 router tcplog: ftpforward connection attempt from external.host.blah
    Jun 9 15:19:34 router redir[21953]: connect from external.host.blah
    Jun 9 20:19:34 router redir[21953]: connecting xxx.xxx.xxx.xxx/15120 to ftp.server.ip/5376
    Jun 9 15:19:35 ftpserver in.ftpd[10962]: connect from router
    Jun 9 15:19:52 ftpserver ftpd[10962]: FTP LOGIN FROM router [router.ip], username
    Jun 9 15:20:01 ftpserver ftpd[10962]: refused PORT 0,4157 from router

I tried telling the ip_masq_ftp module to listen on the above port, but then redir can't work its magic ... so does anyone have any idea how I can implement this? It doesn't seem that pasv is a good solution though, because I want people to be able to use this with any ftp client such as netscape, regular unix ftp, etc.

Thanks in advance!

Aaron
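An added illustration, not part of the original message and not code from redir or any ftpd: it assumes the FTP server applies the common anti-bounce rule of accepting a PORT command only when its address equals the control connection's peer and its port is not reserved. Under that assumption, a TCP redirector that makes every session appear to come from the router causes the refusal. All addresses are constructed documentation-range values.

```python
import ipaddress

def parse_port_arg(arg):
    """Parse an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    try:
        nums = [int(p) for p in parts]
    except ValueError:
        raise ValueError("PORT fields must be decimal integers")
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT fields must be in 0..255")
    ip = str(ipaddress.IPv4Address(".".join(str(n) for n in nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def check_port(arg, control_peer):
    """Assumed server-side policy: return (allowed, reason) for a PORT request.

    control_peer is the source address the server sees on the control
    connection, which is the router once a userspace redirector is in the path.
    """
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, str(exc)
    if ip != str(ipaddress.IPv4Address(control_peer)):
        return False, "data address %s differs from control peer %s" % (ip, control_peer)
    if port < 1024:
        return False, "reserved port %d" % port
    return True, "ok"

# Constructed sample values (not taken from the log above).
CLIENT = "198.51.100.7"           # external FTP client
ROUTER = "192.0.2.1"              # router running the redirector
PORT_ARG = "198,51,100,7,19,137"  # client asks for data on 198.51.100.7:5001

def demo():
    """Same PORT command, seen directly and through the redirector."""
    return {
        "direct": check_port(PORT_ARG, CLIENT),
        "via_redirector": check_port(PORT_ARG, ROUTER),
    }

if __name__ == "__main__":
    for path, (allowed, reason) in demo().items():
        print("%-15s allowed=%s (%s)" % (path, allowed, reason))
```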
