On December 19, 2003 02:37 am, Mike Sowka wrote:
> Hello Everyone,
>
> I just have a few "entry-level" questions:
>
> #1 Just installed Redhat AS, and can't figure out why vsftpd doesn't
> work in passive mode. I have NEW tcp packets with --dport 21 -j to
> ACCEPT, and the following line
>
> -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> that should jump RELATED ftp packets to accept too... ?right?? Well it
> doesn't work.
>

Actually, it will work, but I suspect that you don't have the ip_conntrack_ftp module loaded (or available in the kernel) ... This would provide the helper that would identify ESTABLISHED,RELATED connections.

> #2 Disclaimer: this one is VAIN... after messing around with the nat
> table, I took out any reference to the nat table from my
> /etc/sysconfig/iptables but when I `/sbin/service iptables status` the
> nat table still prints with all of the chains empty... where does this
> info for the nat table persist?

Likely since iptable_nat module is still loaded -- or built in. If the rules are empty, the tables have no effect.

>
> Thanx for your patience in swatting any confusion for me,
> Mike
>
> P.S. attaching iptable for reference concerning Q #1

*ummm* ... Is this box a gateway/router? ... if NOT

iptables -P FORWARD DROP

is advisable. --- and some work on the OUTPUT chain as well ... but that's me.
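
The three points in the reply above (the FTP conntrack helper, the still-loaded nat module, the FORWARD policy) can be checked together. The script below is an added example, not part of the original thread; the function names are hypothetical and the sample `lsmod` and `iptables-save` text is constructed.

```shell
#!/bin/sh
# Constructed sample inputs in lsmod / iptables-save format (not from the
# original post). ip_conntrack_ftp is deliberately absent.
SAMPLE_LSMOD='Module                  Size  Used by
ip_conntrack           27272   1  [ipt_state]
ipt_state               1080   1
iptable_filter          2412   1
iptable_nat            22872   0  (unused)'

SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
COMMIT'

has_module() {        # $1 = lsmod text, $2 = module name
    printf '%s\n' "$1" | awk -v m="$2" '$1 == m { f = 1 } END { exit !f }'
}

has_related_rule() {  # $1 = iptables-save text; any chain accepting RELATED
    printf '%s\n' "$1" |
        grep -Eq -- '^-A [^ ]+ .*--state ([A-Z]+,)*RELATED(,[A-Z]+)* (.* )?-j ACCEPT'
}

chain_policy() {      # $1 = iptables-save text, $2 = table, $3 = chain
    printf '%s\n' "$1" | awk -v t="*$2" -v c=":$3" '
        /^\*/ { cur = $1 }
        cur == t && $1 == c { print $2 }'
}

audit() {             # $1 = lsmod text, $2 = iptables-save text
    has_related_rule "$2" || echo "no ESTABLISHED,RELATED accept rule"
    # lsmod cannot see a helper compiled into the kernel, hence "may be built in"
    has_module "$1" ip_conntrack_ftp ||
        echo "ip_conntrack_ftp not loaded (may be built in): try modprobe ip_conntrack_ftp"
    has_module "$1" iptable_nat &&
        echo "iptable_nat loaded: an empty nat table will still be listed"
    [ "$(chain_policy "$2" filter FORWARD)" = DROP ] || echo "FORWARD policy is not DROP"
    return 0
}

# Live use (as root): audit "$(lsmod)" "$(iptables-save)"
audit "$SAMPLE_LSMOD" "$SAMPLE_RULES"
```

On the constructed input this reports the missing helper, the loaded nat module and the permissive FORWARD policy, while the ESTABLISHED,RELATED rule itself passes.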