Hello -- kind of off topic -- but still related

Hello,

I am wondering if anyone can help me out with this. On our production FTP server I have set up the following firewall rules to allow FTP traffic.

# Accept new connections to the FTP control port (21) on the external address
$IPT -A INPUT -i $EXT -p tcp -d $EXT_IP --destination-port ftp -j ACCEPT
# Accept packets conntrack ties to an existing flow (RELATED covers FTP data channels via the ftp helper)
$IPT -A INPUT -i $EXT -d $EXT_IP -m state --state RELATED -j ACCEPT
$IPT -A INPUT -i $EXT -d $EXT_IP -m state --state ESTABLISHED -j ACCEPT

Above these rules I have the following:
# Non-first IP fragments
$IPT -A INPUT -i $EXT -f -j firewall
# Malformed packets
$IPT -A INPUT -i $EXT -d $EXT_IP -m unclean -j firewall
# TCP packets without SYN that conntrack still classifies as NEW (no matching state entry)
$IPT -A INPUT -i $EXT -d $EXT_IP -p tcp ! --syn -m state --state NEW -j firewall

The firewall target logs the info and then drops the packet.

In my log I am seeing the following -- but our production FTP server is currently outside of our network, so we connect to it through a Cisco router. Not my doing :(
Dec  3 15:00:57 lightning kernel: Firewall:IN=eth0 OUT= MAC=X.X.X.X SRC=CISCO_ROUTER DST=FTP_SERVER LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=16538 PROTO=TCP SPT=5 DPT=35607 WINDOW=0 RES=0x00 ACK RST URGP=0

There are a large number of these packets -- at first I thought maybe it was the Cisco router doing something funny when an FTP connection closed and it was trying to close or reset the data channel.

Any ideas?

-- 
Michael Gale
Network Administrator
Utilitran Corporation
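
Added example, not part of the original message: a small triage script for the kind of kernel LOG lines quoted above. It parses the `key=value` fields and bare TCP flag tokens (ACK, RST, SYN, ...), separates the `--log-prefix` text that the kernel glues onto the first field (`Firewall:IN=eth0`), and classifies each dropped packet as a connection attempt (SYN only), a reset (RST set) or a stray mid-stream packet, then counts per source. The sample lines, host names, addresses and counters are constructed placeholders modelled on the post's line, not data from the poster's system; the classification labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample log in the netfilter LOG format quoted in the post.
# Host names (CISCO_ROUTER, FTP_SERVER), the 192.0.2.10 address and the
# counters are placeholders, not data from any real system.
SAMPLE_LOG = """\
Dec  3 15:00:57 lightning kernel: Firewall:IN=eth0 OUT= MAC=X.X.X.X SRC=CISCO_ROUTER DST=FTP_SERVER LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=16538 PROTO=TCP SPT=5 DPT=35607 WINDOW=0 RES=0x00 ACK RST URGP=0
Dec  3 15:00:58 lightning kernel: Firewall:IN=eth0 OUT= MAC=X.X.X.X SRC=CISCO_ROUTER DST=FTP_SERVER LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=16539 PROTO=TCP SPT=5 DPT=35611 WINDOW=0 RES=0x00 ACK RST URGP=0
Dec  3 15:01:02 lightning kernel: Firewall:IN=eth0 OUT= MAC=X.X.X.X SRC=192.0.2.10 DST=FTP_SERVER LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=7 DF PROTO=TCP SPT=40022 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  3 15:01:05 lightning kernel: Firewall:IN=eth0 OUT= MAC=X.X.X.X SRC=192.0.2.10 DST=FTP_SERVER LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=8 DF PROTO=TCP SPT=40022 DPT=21 WINDOW=5840 RES=0x00 ACK URGP=0
"""

# Bare tokens the LOG target emits for set TCP flags
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
# Fields worth comparing numerically
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW"}


def parse_netfilter_line(line):
    """Parse one syslog line from the kernel LOG target into a dict.

    Returns None for lines that are not kernel messages.  Bare TCP flag
    tokens go into rec["flags"]; other bare tokens (DF, MF, ...) into
    rec["ip_flags"]; the --log-prefix text into rec["prefix"].
    """
    if "kernel:" not in line:
        return None
    head, _, body = line.partition("kernel:")
    rec = {
        "timestamp": " ".join(head.split()[:3]),  # "Dec 3 15:00:57"
        "prefix": "",
        "flags": set(),
        "ip_flags": set(),
    }
    for tok in body.split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            if ":" in key:
                # The log prefix is glued to the first field: "Firewall:IN=eth0"
                rec["prefix"], _, key = key.rpartition(":")
            rec[key] = int(val) if key in INT_FIELDS and val.isdigit() else val
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)
        else:
            rec["ip_flags"].add(tok)
    return rec


def classify(rec):
    """Label what kind of packet the firewall chain dropped (labels are this example's own)."""
    if rec.get("PROTO") != "TCP":
        return "non-tcp"
    f = rec["flags"]
    if "SYN" in f and "ACK" not in f:
        return "connection-attempt"   # the only packet that should legitimately open a flow
    if "RST" in f:
        return "reset"                # peer tearing down or refusing a flow; LEN=40 means no payload
    return "mid-stream"               # ACK/FIN/PSH with no conntrack state: stray, late or spoofed


def is_reset_to_high_port(rec):
    """The pattern in the post: an RST aimed at a high (client-side) port on our host."""
    return classify(rec) == "reset" and isinstance(rec.get("DPT"), int) and rec["DPT"] >= 1024


def summarize(log_text):
    """Count dropped packets per (source, class) so a burst from one peer stands out."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_netfilter_line(line)
        if rec is not None:
            counts[(rec.get("SRC"), classify(rec))] += 1
    return counts


if __name__ == "__main__":
    for (src, kind), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {src:15s}  {kind}")
```

Run it over a real `/var/log/messages` extract by replacing `SAMPLE_LOG` with the file contents; a high count of `reset` entries from a single source toward ports above 1024, all with `WINDOW=0` and no payload, is what the quoted line looks like at scale, and the counts give you something concrete to take to whoever operates the router.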
