Maybe the problem is that you are not using the -i option. You are using the INPUT chain, right? Try it with that option:

iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -i eth0 -s 0/0 -d 0/0 -j ACCEPT

Something like the above line.

*********** REPLY SEPARATOR ***********

On 04/05/2003 at 16:05 PM David Gaudine wrote:

>When I try this line
>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>the response is
>iptables: No chain/target/match by that name
>
>I am using kernel 2.4.20 and iptables 1.2.8, and have included these
>options:
>CONFIG_IP_NF_CONNTRACK=y
>CONFIG_IP_NF_FTP=y
>CONFIG_IP_NF_IPTABLES=y
>CONFIG_IP_NF_FILTER=y
>
>If I shorten the command to
>iptables -A INPUT -m state --state -j ACCEPT
>(which is obviously invalid) the error message is
>iptables v1.2.8: Bad state `-j'
>which shows that "-m state" and "--state" are recognized, only the part
>about ESTABLISHED,RELATED is unrecognized. Why is this? Is there another
>kernel option that I should have included?
>
>Also, I'd love to see a working example of using iptables to handle ftp
>connections. The above line doesn't seem quite right; for one thing, it
>doesn't specifically mention that it's for ftp. Should I have an INPUT and
>an OUTPUT line that both specify port 20 and the connection tracking?
>
>I was quite pleased that I was able to get my firewall working without
>flooding you people with questions, until I noticed that ftp wasn't
>working. Silly me, during my early testing I tested ftp just by
>establishing a connection and quitting, it didn't occur to me to try to
>transfer a file.
>
>David
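
Added example, not part of either message: a shell check that reports which netfilter options a kernel .config lacks for the `-m state --state ESTABLISHED,RELATED` rule quoted above. `CONFIG_IP_NF_MATCH_STATE` is an assumption added here (the thread never names it; it is the 2.4 option that builds the kernel side of the state match), and the sample .config is constructed, since the thread shows only four options.

```shell
#!/bin/sh
# Added example: list the netfilter options required by a stateful
# INPUT rule that are not enabled in a given kernel .config.

# The four options come from the original message. The fifth,
# CONFIG_IP_NF_MATCH_STATE, is an assumption added for this example.
REQUIRED_OPTS="CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_FTP CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER CONFIG_IP_NF_MATCH_STATE"

# missing_opts FILE
# Print, space-separated, each required option that is neither built in
# (=y) nor built as a module (=m). Prints an empty line if all are set.
missing_opts() {
    cfg=$1
    missing=""
    for opt in $REQUIRED_OPTS; do
        if ! grep -Eq "^${opt}=(y|m)\$" "$cfg"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed sample .config: the options listed in the message, plus a
# constructed "is not set" line of the kind a .config carries.
sample_config() {
    cat <<'EOF'
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
# CONFIG_IP_NF_MATCH_STATE is not set
EOF
}

# check_sample: run the check against the constructed sample.
check_sample() {
    tmp=$(mktemp) || return 1
    sample_config > "$tmp"
    missing_opts "$tmp"
    rm -f "$tmp"
}

check_sample
```

On a real system, call `missing_opts` with the path of the .config the running kernel was built from.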