RE: Broken ftp through iptables

Thanx,

I was missing the following line.  All seems to be good now.  Thanx for
the help.

-p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

Landon

-----Original Message-----
From: Peter Marshall [mailto:peter.marshall@xxxxxxxxx] 
Sent: Tuesday, August 26, 2003 12:00 PM
To: Landon Chelf; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Broken ftp through iptables


If you want to use passive ftp you have to allow stuff destined to port
21 and you also have to allow ( for the commands) traffic to come in on
some port that you don't get to pick.  The way to do this without
actually opening a whole bunch of ports is like this:

From inside network going out and on forward chain
    -p tcp --dport 21 -j ACCEPT
    -p tcp -m state --state RELATED -j ACCEPT

FROM outside network back in on the Forward chain
    -p tcp -m state --state ESTABLISHED -j ACCEPT


If you want to do Active ftp .... well .... trust me, you don't want to
do this :)


----- Original Message -----
From: "Landon Chelf" <landonc@xxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, August 26, 2003 12:21 PM
Subject: Broken ftp through iptables


> Hello,
>
> I've run into a recent problem both on rh8 and rh9 using iptables.
> I've setup my firewall to drop everything incoming and forward and am
> only allowing certain ports to be open.  I've opened ftp (port 21 tcp)
> and I can connect via FTP from one machine and authenticate, but when
> I issue my first command like "ls" for instance the connection locks
> up and won't do anything.  Is there a way to fix this?
>
> Landon
>
>
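The rule set the thread converges on, written out as a complete FORWARD-chain policy in a shell script. This is an added example, not from either poster: it assumes a firewall forwarding between a LAN interface (`LAN_IF`) and a WAN interface (`WAN_IF`), an FTP server outside the LAN, and the kernel's FTP connection-tracking helper loaded (`ip_conntrack_ftp` on the 2.4 kernels of RH8/RH9, `nf_conntrack_ftp` on later kernels). That helper is the piece the thread leaves implicit: it is what reads the PASV reply on the control connection and lets `--state RELATED` match the client's new data connection, so no port range has to be opened. The function only prints the rules, so they can be reviewed before being piped to `sh` as root.

```shell
#!/bin/sh
# Passive FTP through a forwarding Linux firewall. Added example; not the
# thread's own configuration. Interface names are assumptions.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"

# Print the iptables commands for passive FTP from the LAN to any outside
# server. Nothing is executed here; pipe the output to sh as root to apply.
passive_ftp_rules() {
    echo "iptables -P FORWARD DROP"
    # Control connection: LAN client to server port 21, new connections only.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport 21 -m state --state NEW -j ACCEPT"
    # Data connection (passive mode): the server picks a high port in its
    # PASV reply and the client connects to it. The ftp conntrack helper
    # parses that reply and marks the data connection RELATED, so this one
    # rule covers it without opening a range of ports.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -m state --state RELATED -j ACCEPT"
    # Packets in either direction that belong to an accepted connection.
    echo "iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT"
}

# Load the FTP helper; tries the 2.6+ name first, then the 2.4 name.
# Without it, RELATED never matches FTP data connections and "ls" hangs.
load_ftp_helper() {
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
}

# Number of rules that open a port by number; should stay at 1 (port 21),
# which is the check that no high-port range was opened.
count_dport_rules() {
    passive_ftp_rules | grep -c -- '--dport'
}

# Usage (as root): load_ftp_helper && passive_ftp_rules | sh
```

The rules follow Peter's split (port 21 and RELATED outbound, ESTABLISHED for replies) but apply ESTABLISHED to both directions, since the client's own later packets on the control and data connections also have to pass the FORWARD chain, which is the line Landon reported missing.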
