On Tue, 2003-08-12 at 20:53, Peter Marshall wrote:
> Hi, My name is Peter Marshall. I am having some problems letting ftp
> through my firewall without opening all of the ports. I was trying to get
> RELATED to work, but for some reason it will not. Here is an example of
> what my file looks like
>
> $TABLENAME -A FORWARD -d x.x.x.x -o eth2 -j mychain
>
> $TABLENAME -A mychain -m state --state ESTABLISHED,RELATED -j ACCEPT
> $TABLENAME -A mychain -j DROP

1. You need a rule which allows new connections to the FTP-Server.

Additionally you have to load the module ip_conntrack_ftp.
If using NAT you have to load ip_nat_ftp.

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto                                  http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org
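
The advice in this reply written out as a complete rule set, as an added example that is not part of the original message. The function name `ftp_rules`, the `IPT` variable, the address 192.0.2.10 (a constructed stand-in for `x.x.x.x`) and the restriction of the NEW rule to TCP port 21 are assumptions; the commands are printed rather than executed so they can be reviewed first.

```shell
#!/bin/sh
# Added example: prints the rule set as text; nothing is applied.
# The address and the "nat" flag are constructed sample values.

IPT="${IPT:-iptables}"      # the original post calls this $TABLENAME

# ftp_rules SERVER_IP OUT_IF [nat]
# Prints the commands, one per line, in the order they must be applied.
ftp_rules() {
    server="$1"; out_if="$2"; nat="${3:-}"

    # The helper reads PORT/PASV exchanges on the control channel and
    # registers the announced data connection as expected. Without it
    # no packet is ever classified RELATED for FTP.
    echo "modprobe ip_conntrack_ftp"
    # With NAT, the addresses carried inside the FTP commands must be
    # rewritten as well.
    if [ "$nat" = "nat" ]; then
        echo "modprobe ip_nat_ftp"
    fi

    echo "$IPT -N mychain"
    echo "$IPT -A FORWARD -d $server -o $out_if -j mychain"
    # The rule missing from the question: the first packet of the
    # control connection is NEW, so ESTABLISHED,RELATED alone drops it.
    echo "$IPT -A mychain -p tcp --dport 21 -m state --state NEW -j ACCEPT"
    # Later control packets are ESTABLISHED; data connections opened
    # towards the server (passive mode) arrive here as RELATED.
    echo "$IPT -A mychain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPT -A mychain -j DROP"
}

# Review the rule set for a NATed server behind eth2.
ftp_rules 192.0.2.10 eth2 nat
```

Pipe the output to `sh` as root to apply it. On current kernels the module is named `nf_conntrack_ftp`, and recent kernels no longer attach it automatically, so the helper has to be assigned with a `CT` target rule in the raw table.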