Hello everyone,
my clients access the internet like this:
client --- proxy server --- eth0 firewall eth1 ---- internet
In squid.conf I told Squid to always direct allow ftp...
In iptables I've made the following modifications...
iptables -A INPUT -i eth1 -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
Passive FTP works... but I cannot get active to work. I always get a
200: SWITCHING TO ASCII MODE 500: ILLEGAL PORT COMMAND 500: Unknown COMMAND
What did I mess up? Is there a way to get active working as well? Are the above rules correct? eth1 is my outside interface... the proxy server connects to eth0 directly.
Sincerely
Robert B
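The following is an added example, not part of the original post and not Robert's rule set: a script that prints (and, on request, applies) a stateful iptables rule set for active- and passive-mode FTP. In active mode the server opens the data connection from its port 20 back to the high port the client announced in its PORT command, so that first inbound SYN can only be matched safely if the FTP connection-tracking helper is loaded and the rule accepts RELATED; the NAT helper is what rewrites the private address inside PORT for hosts behind a masquerading firewall. The interface names (eth1 outside, eth0 inside), the DROP default policies and the helper module names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): print, and optionally apply, an
# iptables rule set that lets active- and passive-mode FTP pass a stateful
# firewall. Assumptions: outside interface $WAN (default eth1), inside
# interface $LAN (default eth0), DROP policies already set on INPUT, OUTPUT and
# FORWARD, and a kernel with the FTP helpers (ip_conntrack_ftp/ip_nat_ftp on
# 2.4 and early 2.6 kernels, nf_conntrack_ftp/nf_nat_ftp on later ones).

WAN="${WAN:-eth1}"
LAN="${LAN:-eth0}"

# Emit the rules in iptables-restore format; nothing is changed in the kernel.
ftp_rules() {
    cat <<EOF
*filter
# --- FTP initiated by the firewall itself (INPUT/OUTPUT) ---
# Control connection to server port 21 and its replies.
-A OUTPUT -o $WAN -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i $WAN -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
# Active mode: the server opens the data connection from port 20 to the port
# announced in our PORT command. With the helper loaded that first SYN is
# classified RELATED, so RELATED (not only ESTABLISHED) must be accepted inbound.
-A INPUT -i $WAN -p tcp --sport 20 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o $WAN -p tcp --dport 20 --sport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# Passive mode: we open the data connection to the high port the server named;
# the helper marks our SYN RELATED to the tracked control connection.
-A OUTPUT -o $WAN -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $WAN -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# --- FTP from hosts behind the firewall (FORWARD), e.g. a proxy on $LAN ---
# One NEW rule for the control connection; the helper marks every data
# connection, active or passive, as RELATED, so a generic stateful pair covers
# both directions of both modes without opening 1024:65535 to NEW traffic.
-A FORWARD -i $LAN -o $WAN -p tcp --dport 21 -m state --state NEW -j ACCEPT
-A FORWARD -i $LAN -o $WAN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
# Masquerade the inside hosts. The NAT helper (ip_nat_ftp/nf_nat_ftp) rewrites
# the private address carried inside the PORT command to the masqueraded one;
# without it the server sees an address that does not match the control
# connection and can refuse the PORT command.
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
EOF
}

# Load the helpers (newer module names first, then the 2.4-era names).
load_helpers() {
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
    modprobe nf_nat_ftp 2>/dev/null || modprobe ip_nat_ftp
}

# With no argument the script only prints the rules for review; --apply loads
# the helpers and appends the rules (-n keeps the existing rules in place).
case "${1:-}" in
    --apply) load_helpers && ftp_rules | iptables-restore -n ;;
    *)       ftp_rules ;;
esac
```

Run it without arguments to inspect the rules, then `./ftp-rules.sh --apply` as root. On kernels 4.7 and later the conntrack helper is no longer assigned automatically; the control connection also has to be tagged with `iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp` (and the same for OUTPUT if the firewall itself is the client), otherwise the data connection is never classified RELATED. `-m state` is kept here to match the post; on current iptables it is an alias for `-m conntrack --ctstate`.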