Hi,

I'm having trouble setting up an ftp server, wrt passive mode and the data channel. My relevant ruleset looks like this (from iptables -v -L <chain>):

INPUT (Policy: DROP):
    70896   72M ACCEPT  all  --  any  any  anywhere  anywhere  state RELATED,ESTABLISHED
        0     0 ACCEPT  tcp  --  any  any  anywhere  anywhere  tcp spts:1024:65535 dpts:1024:65535 state ESTABLISHED
        3   170 ACCEPT  tcp  --  any  any  anywhere  anywhere  tcp dpt:ftp state NEW
        0     0 ACCEPT  tcp  --  any  any  anywhere  anywhere  tcp dpt:ftp-data state NEW

OUTPUT (Policy: DROP):
    74312   69M ACCEPT  all  --  any  any  anywhere  anywhere  state RELATED,ESTABLISHED
        0     0 ACCEPT  tcp  --  any  any  anywhere  anywhere  tcp spts:1024:65535 dpts:1024:65535 state RELATED,ESTABLISHED
        0     0 ACCEPT  tcp  --  any  any  anywhere  anywhere  tcp spt:ftp-data
        0     0 ACCEPT  tcp  --  any  any  anywhere  anywhere  tcp spt:ftp

The data connections get filtered out in the Input chain, log entries look like this:

    Jul 21 09:52:59 turing kernel: Dropped from input IN=ppp0 OUT= MAC= SRC=128.32.112.247 DST=82.82.155.165 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=59818 DF PROTO=TCP SPT=2577 DPT=34510 WINDOW=32767 RES=0x00 SYN URGP=0

Linux kernel 2.4.21, ip-conntrack-ftp module is loaded, iptables version 1.2.8.

I didn't find anything new or useful in online recipes, nor do I see anything obviously wrong (to me that is, I do get stricken by selective blindness from time to time though ;) ).

Anyone have any ideas?

Regs,
Sven

-- 
Sven Riedel                      sr@xxxxxxxx
Liebigstr. 38
30163 Hannover
"Python is merely Perl for those who prefer Pascal to C" (anon)
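
The following is an added example, not part of the original post: it parses the logged packet and walks it through the INPUT rules exactly as listed above, once per possible conntrack state, to show under which state the packet would have been accepted. The model is an assumption of this example: it covers only the four listed rules, maps ftp/ftp-data to ports 21/20, and takes the conntrack state as an input because the log line does not record it.

```python
import re

# INPUT chain as listed in the post, in order; chain policy is DROP.
# Service names resolved to ports: ftp = 21, ftp-data = 20.
INPUT_RULES = [
    {"states": {"RELATED", "ESTABLISHED"}},
    {"proto": "TCP", "spt": (1024, 65535), "dpt": (1024, 65535),
     "states": {"ESTABLISHED"}},
    {"proto": "TCP", "dpt": (21, 21), "states": {"NEW"}},
    {"proto": "TCP", "dpt": (20, 20), "states": {"NEW"}},
]

# Log line copied from the post.
LOG = ("Jul 21 09:52:59 turing kernel: Dropped from input IN=ppp0 OUT= MAC= "
       "SRC=128.32.112.247 DST=82.82.155.165 LEN=60 TOS=0x00 PREC=0x00 TTL=48 "
       "ID=59818 DF PROTO=TCP SPT=2577 DPT=34510 WINDOW=32767 RES=0x00 SYN URGP=0")


def parse_log(line):
    """Extract KEY=VALUE fields and bare TCP flags from a netfilter LOG line."""
    body = line.split("kernel:", 1)[1]
    fields = dict(re.findall(r"(\w+)=(\S*)", body))
    fields["flags"] = set(re.findall(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b", body))
    return fields


def first_match(pkt, state, rules=INPUT_RULES, policy="DROP"):
    """Return (rule_number, verdict) for pkt under the given conntrack state."""
    for number, rule in enumerate(rules, 1):
        if "proto" in rule and rule["proto"] != pkt["PROTO"]:
            continue
        if any(key in rule
               and not rule[key][0] <= int(pkt[key.upper()]) <= rule[key][1]
               for key in ("spt", "dpt")):
            continue
        if state not in rule["states"]:
            continue
        return number, "ACCEPT"
    return None, policy  # fell off the end of the chain


def diagnose(line):
    """Verdict for the logged packet under each conntrack state."""
    pkt = parse_log(line)
    states = ("NEW", "RELATED", "ESTABLISHED", "INVALID")
    return {state: first_match(pkt, state) for state in states}
```

Under these rules the logged SYN reaches the DROP policy only if conntrack classified it as NEW or INVALID; a data connection that the FTP helper had tied to the control session would be RELATED and accepted by rule 1.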