As read here: http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html
modprobe ip_conntrack_ftp would give me the ability to use active ftp if I have (pseudo/simplified code)
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j DROP
but I can't use active ftp. WHAT IS WRONG? eth0 is the internal interface.
If you are NATing use ip_nat_ftp as well.
Not sure that that firewall rule is OK - but then I don't know what else you have.
My firewall is a direct copy and paste from one of Rusty's guides - ppp0 is my external interface -
## Create chain which blocks new connections, except if coming from inside.
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A block -j DROP
## Jump to that chain from INPUT and FORWARD chains.
iptables -A INPUT -j block
iptables -A FORWARD -j block
Andy.
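Added example, not code from the thread: a small sh script that puts the two rulesets side by side. The rule in the question accepts ESTABLISHED,RELATED only on the internal interface, so the server's port-20 data connection, which enters on the external interface, never matches it and falls through to DROP; Andy's block chain accepts ESTABLISHED,RELATED on every interface and restricts only NEW connections by interface. The interface names eth0/ppp0, the nf_* module names and the raw-table CT rule for kernels that no longer auto-assign conntrack helpers are assumptions; set IPT=echo to preview the commands without root.

```shell
#!/bin/sh
# Added example, not code from the LARTC thread.
# Assumptions: $INT is the internal interface, $EXT the external (PPP) one.
# Set IPT=echo to print the generated commands instead of applying them.
INT=${INT:-eth0}
EXT=${EXT:-ppp0}
IPT=${IPT:-iptables}

load_ftp_helpers() {
    # 2.4/2.6 kernels ship ip_conntrack_ftp/ip_nat_ftp; newer ones nf_conntrack_ftp/nf_nat_ftp.
    # The NAT helper is only needed when this box also NATs the FTP clients.
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
    modprobe nf_nat_ftp 2>/dev/null || modprobe ip_nat_ftp
}

broken_forward_rules() {
    # The ruleset from the question. RELATED is accepted only when the packet
    # enters on $INT, but the server's port-20 data connection enters on $EXT,
    # so it never matches this rule and is dropped by the next one.
    $IPT -A FORWARD -i "$INT" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -j DROP
}

working_block_chain() {
    # Andy's "block" chain: replies and helper-related connections are accepted
    # regardless of interface; only NEW connections are restricted to the inside.
    $IPT -N block
    $IPT -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A block -m state --state NEW ! -i "$EXT" -j ACCEPT
    $IPT -A block -j DROP
    $IPT -A INPUT -j block
    $IPT -A FORWARD -j block
    # Kernels from 4.7 on no longer attach conntrack helpers automatically, so
    # bind the ftp helper to outbound control connections explicitly (assumed rule).
    $IPT -t raw -A PREROUTING -i "$INT" -p tcp --dport 21 -j CT --helper ftp
}

if [ "${1:-}" = "apply" ]; then
    load_ftp_helpers
    working_block_chain
fi
```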
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/