Re: FTP rules

On Mon, Jan 31, 2005 at 05:40:24PM +0100, hamals@xxxxxxxxxxx wrote:
> 
>  my PCs behind my firewall didn't get ftp connection to 
> any external ftp server. Why?
> 
> /sbin/modprobe ip_conntrack
> /sbin/modprobe ip_conntrack_ftp

how about this as well:

  /sbin/modprobe ip_nat_ftp

> # LAN -> INTERNET
> iptables -A FORWARD -i $LAN -o $INET -p tcp --dport 21 -j ACCEPT
> iptables -A FORWARD -i $LAN -o $INET -p tcp --dport 20 -j ACCEPT

second rule is unnecessary.

> # INTERNET ->LAN
> iptables -A FORWARD -i $INET -o $LAN -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

you need to allow ESTABLISHED,RELATED packets from LAN -> INTERNET as
well, try using:

  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

instead of your rule above.

> # NAT
> iptables -t nat -A POSTROUTING -s $IPs_LAN -o $INET -j SNAT --to-source $INET_IP

-j

--
"My cat's breath smells like cat food."
        --The Simpsons
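As an added example, not part of this thread: the rules from the exchange assembled into one script with the reply's fixes applied (ip_nat_ftp loaded alongside the conntrack helper, the port-20 rule dropped, a single ESTABLISHED,RELATED rule covering both directions). Interface names, the LAN range and the public address are assumed placeholders.

```shell
#!/bin/sh
# Corrected FTP forwarding ruleset built from the thread's advice.
# All interface/address values below are assumed placeholders.
# DRY_RUN=1 prints the commands instead of running them, since
# iptables needs root and the netfilter modules to be present.
LAN=${LAN:-eth1}
INET=${INET:-eth0}
IPS_LAN=${IPS_LAN:-192.168.1.0/24}
INET_IP=${INET_IP:-203.0.113.5}
DRY_RUN=${DRY_RUN:-0}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

load_ftp_helpers() {
    # ip_conntrack_ftp parses the FTP control channel so the data
    # connection (active or passive mode) is classified as RELATED.
    # ip_nat_ftp additionally rewrites the addresses carried inside
    # PORT/PASV messages, which is required once the LAN is SNATed.
    run /sbin/modprobe ip_conntrack
    run /sbin/modprobe ip_conntrack_ftp
    run /sbin/modprobe ip_nat_ftp
}

ftp_forward_rules() {
    # Only the control connection (port 21) needs an explicit rule;
    # a port-20 rule is unnecessary because the data connection,
    # whatever port it uses, is matched as RELATED.
    run iptables -A FORWARD -i "$LAN" -o "$INET" -p tcp --dport 21 -j ACCEPT
    # No -i/-o restriction: this covers replies coming back from the
    # Internet and outbound LAN packets of already-tracked sessions.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$IPS_LAN" -o "$INET" -j SNAT --to-source "$INET_IP"
}

# Usage: APPLY=1 sh ftp-rules.sh        (or DRY_RUN=1 APPLY=1 to review)
if [ "${APPLY:-0}" = 1 ]; then
    load_ftp_helpers
    ftp_forward_rules
fi
```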

