On 2005.12.19 06:52, TAC Forums - tac.forums@xxxxxxxxx wrote:
Hi All, We have an FTP server (Red Hat Linux 7) behind a firewall; the firewall allows only incoming and established connections on ports 20,21 from anywhere and everywhere. The problem is, when the customers use FTP clients, they manage to log in, but cannot upload/download files if they use PASSIVE FTP connections. Can someone suggest the best way to get out of this situation? Should we enable all ports above 1023?

Besides loading the modules, as already discussed, you need to change the filter rules to allow not only ESTABLISHED but also RELATED connections. This eliminates the need to open all the high ports. The new rule would look something like this:

$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

-- 
Jim Laurino
nfcan.x.jimlaur@xxxxxxxx
Please reply to the list.
Only mail from the listserver reaches this address.
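
Added example (not part of the original post, and not netfilter code): a toy Python model of why the ESTABLISHED,RELATED rule works once the FTP helper module is loaded. The helper reads the data port out of the server's 227 reply on the control channel, and only that one connection is classed as RELATED. The addresses, the reply line and all class and function names are constructed for illustration.

```python
import re

# Constructed sample values (documentation address ranges), not from the thread.
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


class ToyConntrack:
    """Simplified model of stateful filtering with an FTP helper."""

    def __init__(self, accepted_states, helper_loaded):
        self.accepted = set(accepted_states)  # states the ACCEPT rule matches
        self.helper_loaded = helper_loaded    # is the FTP helper module loaded?
        self.expected = set()                 # (client, server, port) expectations

    def control_reply(self, client, server, line):
        """Inspect one server reply on the port-21 control channel."""
        m = PASV_RE.match(line)
        if not (self.helper_loaded and m):
            return None
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None
        # Model assumption: ignore replies that name a host other than the server.
        if ".".join(str(n) for n in nums[:4]) != server:
            return None
        port = nums[4] * 256 + nums[5]
        self.expected.add((client, server, port))
        return port

    def new_connection(self, client, server, dport):
        """Return (state, verdict) for the first packet of a connection."""
        key = (client, server, dport)
        state = "RELATED" if key in self.expected else "NEW"
        self.expected.discard(key)            # an expectation is used once
        allowed = state in self.accepted or (state == "NEW" and dport == 21)
        return state, "ACCEPT" if allowed else "DROP"


def passive_session(accepted_states, helper_loaded):
    """Login on port 21, PASV reply, then two attempts on high ports."""
    fw = ToyConntrack(accepted_states, helper_loaded)
    out = [fw.new_connection(CLIENT, SERVER, 21)]
    fw.control_reply(CLIENT, SERVER, PASV_REPLY)   # announces port 50000
    out.append(fw.new_connection(CLIENT, SERVER, 50000))
    out.append(fw.new_connection(CLIENT, SERVER, 50001))
    return out
```

Calling passive_session({"ESTABLISHED"}, True) reproduces the reported symptom (login works, data connection dropped); adding "RELATED" accepts only the negotiated port 50000 and still drops 50001.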