Re: ip_conntrack_ftp problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks, this solved my problem. However, if you check my first post you can see thet in the FORWARD chain I had :

ACCEPT all -- anywhere anywhere state RELATED

but seems it was not enough ... :( and I don't understand. isn't your rule more restrictiv (state RELATED, ESTABILISHED) than my old rule (just related)?

Thanks again,
Laszlo

Vincent Lim wrote:

On Fri, 2003-03-28 at 15:40, Budai Laszlo wrote:



Chain FORWARD (policy ACCEPT)



<snipped the rest>



ACCEPT tcp -- 192.168.101.0/24 anywhere tcp dpt:ftp
ACCEPT tcp -- 192.168.101.0/24 anywhere tcp dpt:ftp-data
DROP tcp -- 192.168.101.0/24 anywhere



<snipped more>



but ftp trough the firewall still does not work. :(
what is wrong?



I would think that the replying packets can't get back.
Try putting a:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT






[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux