On Tuesday 13 April 2004 8:47 pm, Michael Gale wrote:

> Hello,
>
> Passive connections to the client work on the local LAN but they are
> connecting to a different IP on the box -- because the server will return
> the external IP of the firewall for passive connections to the main IP.

Yes, I knew that would connect to the other IP on the server - I just wanted to check that the server was supporting passive connections :)

> I am sure that the problem is that "RELATED" option under state does not work
> with a user defined chain.

Uh?

> iptables -A userchain -i external -o internal -d internalIP -m state
> --state ESTABLISHED,RELATED -j ACCEPT

Nothing wrong with that. No reason at all you can't match those parameters in a user-defined chain.

I'm not aware of anything in netfilter you can do on a built-in chain which you can't do on a user-defined chain except apply a default policy.

Regards,

Antony.

-- 
I don't know, maybe if we all waited then cosmic rays would write all our software for us. Of course it might take a while.

 - Ron Minnich, Los Alamos National Laboratory

Please reply to the list; please don't CC me.