Thanks, it worked!

On Thursday, 20 January 2005 16:49, Jason Opperisano wrote:
> On Thu, 2005-01-20 at 10:29, Marcel Koppe wrote:
> > Hi,
> >
> > till today I've used a firewall script on a "SuSE Linux 7.1" system based
> > on iptables 1.2.6a. (script is at the end of this message)
> >
> > Today I've created a new firewall system on a "SuSE Linux 9.2" system
> > based on iptables 1.2.11.
> >
> > It seemed to work without any problems like the old firewall till I tried
> > to use ftp on my FTP server on the dmz from outside the network.
> >
> > The FTP server asks for a username and password which means that the
> > routing works to the dmz but if I type ls and it changes to "extended
> > passive mode" I'm getting a timeout error from the "real" ip address of
> > the ftp server.
> >
> > That's strange because I'm sure that all preferences are the same on the
> > new machine as on the old machine. (network devices are in the same order
> > too)
> >
> > I would be very grateful if anyone can help me find a way to fix this
> > problem.
> >
> > kind regards
> >
> > Marcel
>
> add this to your script:
>
>   modprobe ip_conntrack_ftp
>   modprobe ip_nat_ftp
>
> if you want to be fancy, since your script looks rather stylish:
>
>   if (! lsmod | grep -q ip_conntrack_ftp); then
>     modprobe ip_conntrack_ftp
>   fi
>   if (! lsmod | grep -q ip_nat_ftp); then
>     modprobe ip_nat_ftp
>   fi
>
> -j
>
> --
> "It takes two to lie. One to lie and one to listen."
> --The Simpsons

--
UNIX Administrator
EDV Nuklearmedizin
Klinikum rechts der Isar der TU München
Ismaninger Straße 22
BAU 557
81675 München
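
A post-boot check for the fix discussed above, added here as an example and not part of the thread: it reads a `/proc/modules`-style listing and reports which of the two FTP helpers named in the reply are not loaded. The function names are hypothetical, and accepting the `nf_conntrack_ftp` / `nf_nat_ftp` names used by later kernels goes beyond what the thread covers.

```shell
#!/bin/sh
# Added example (not from the thread): report missing FTP conntrack/NAT helpers.
# Input is a /proc/modules-style listing; only the first field (module name) is read.
# Assumption: helpers are built as modules. A helper compiled into the kernel
# does not appear in /proc/modules and would be reported as missing here.

# has_module FILE NAME... -> succeeds if any NAME is listed in FILE
has_module() {
    file=$1; shift
    for name in "$@"; do
        # Exact match on field 1, so "ip_conntrack" does not count as "ip_conntrack_ftp".
        awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' "$file" && return 0
    done
    return 1
}

# missing_ftp_helpers [FILE] -> prints one line per missing helper role
missing_ftp_helpers() {
    file=${1:-/proc/modules}
    # Legacy names (as in the thread) or their nf_* successors on later kernels.
    has_module "$file" ip_conntrack_ftp nf_conntrack_ftp || echo conntrack_ftp
    has_module "$file" ip_nat_ftp nf_nat_ftp || echo nat_ftp
    return 0
}

# Constructed sample listing: conntrack core and NAT table loaded, no FTP helpers.
sample=$(mktemp)
printf '%s\n' \
    'ip_conntrack 42456 1 iptable_nat, Live' \
    'iptable_nat 23980 0 - Live' > "$sample"
missing_ftp_helpers "$sample"
rm -f "$sample"
```

Run it after the firewall script; empty output means both helpers are present, so passive-mode data connections through the NAT can be tracked and rewritten.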