On Tue 29/07/2003 at 20:12, Gary Metcalf wrote:
> I set my INPUT tables to DROP all tcp entries. Before that line I put in
> some ports to ACCEPT such as port 80 for http. This works as I had a
> friend run nmap to my ip and it came back with all blocked except for
> port 80. He could also get my Web page via a browser. I have one problem
> still. When I try to ftp out to a site I can get logged in but if I enter
> any command such as 'ls' or '?' I get the message back that 200 PORT
> command successful but I never see the list of files or commands. I
> can't even execute a 'bye' command and get out. What port do I need
> opened up to use ftp from my computer to another?
> I tried ports 20, 21, 69 and 115 but they did no good. I found these
> in the /etc/services file.

This is a VFAQ...

modprobe ip_conntrack_ftp. Then use state matching against ESTABLISHED and
RELATED packets to let them get in.

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

(quick and dirty, but it works ;)).

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
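An added example, not from either poster, of the ruleset the reply sketches: the conntrack FTP helper is loaded so the active-mode data connection announced over port 21 is classified RELATED, and the ESTABLISHED,RELATED rule is placed before the catch-all DROP. It assumes a current iptables/netfilter stack (module nf_conntrack_ftp rather than the 2.4-era ip_conntrack_ftp, and an explicit CT helper binding, which kernels since 4.7 no longer do automatically); the IPT and MODPROBE variables are this script's own knobs for a dry run.

```shell
#!/bin/sh
# Stateful INPUT policy with FTP helper (added example, not the list's code).
IPT="${IPT:-iptables}"            # set IPT=echo to preview instead of apply
MODPROBE="${MODPROBE:-modprobe}"  # set MODPROBE=echo likewise

# apply_rules PORT... : rebuild the INPUT chain in this order:
#   1. loopback   2. ESTABLISHED,RELATED   3. listed TCP ports   4. DROP
apply_rules() {
    # The helper follows the port-21 control channel and marks the data
    # connection it announces (PORT/PASV) as RELATED, so rule 2 admits the
    # server's active-mode callback without opening a port range.
    "$MODPROBE" nf_conntrack_ftp
    # Kernels since 4.7 do not auto-attach helpers; bind it to port 21 for
    # outbound (raw OUTPUT) and inbound (raw PREROUTING) control sessions.
    "$IPT" -t raw -A OUTPUT     -p tcp --dport 21 -j CT --helper ftp
    "$IPT" -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp

    "$IPT" -F INPUT
    "$IPT" -A INPUT -i lo -j ACCEPT
    # Must precede the DROP: replies to our own sessions and helper-tracked
    # data channels are accepted here, exactly as the reply suggests.
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in "$@"; do
        "$IPT" -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    "$IPT" -A INPUT -p tcp -j DROP
}

# Usage (as root): ./fw.sh apply 80      Preview: IPT=echo MODPROBE=echo ./fw.sh apply 80
case "${1:-}" in
    apply) shift; apply_rules "$@" ;;
esac
```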