On Friday 27 January 2006 at 11:34 -0800, Christian Seberino wrote:
> Active FTP seems to need to open new sockets.
>
> This creates problems for NAT'ing firewalls.
>
> What is the easiest way to open the right ports
>
> and do NAT'ing back to clients on 192.168.x.y IP addresses?

Netfilter has a module called ip_conntrack_ftp which is used to take new socket opening into account for the FTP protocol. To use that feature you need to load the module and use a rule which accepts packets RELATED to another connection:

    iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

BR,
-- 
Éric Leblond, eleblond@xxxxxx
Phone: 01 44 89 46 40, Fax: 01 44 89 45 01
INL, http://www.inl.fr
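Added example, not part of the message above and not Netfilter code: a toy Python model of what an FTP connection-tracking helper does, showing why the server's active-mode data connection matches RELATED once the PORT command has been seen on the control connection. The class and function names are hypothetical and the addresses are constructed.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (four address octets, two port bytes)
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")

def parse_port(line):
    """Return (ip, port) announced by an active-mode PORT command, else None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpTracker:
    """Toy model of connection tracking with an FTP helper (hypothetical, not kernel code)."""

    def __init__(self):
        self.expected = set()  # (server_ip, client_ip, client_port)

    def control_line(self, client_ip, server_ip, payload):
        """Inspect one client-to-server line seen on the control connection (port 21)."""
        endpoint = parse_port(payload)
        # Choice made in this example: only trust a PORT that names the sender itself.
        if endpoint and endpoint[0] == client_ip:
            self.expected.add((server_ip, client_ip, endpoint[1]))

    def classify_new(self, src_ip, dst_ip, dst_port):
        """State for the first packet of a connection that is not yet tracked."""
        key = (src_ip, dst_ip, dst_port)
        if key in self.expected:
            self.expected.discard(key)  # an expectation is used once
            return "RELATED"
        return "NEW"

def demo():
    # Constructed sample: client 192.168.1.10 talks to server 203.0.113.5.
    fw = FtpTracker()
    before = fw.classify_new("203.0.113.5", "192.168.1.10", 5001)
    fw.control_line("192.168.1.10", "203.0.113.5", "PORT 192,168,1,10,19,137\r\n")
    after = fw.classify_new("203.0.113.5", "192.168.1.10", 5001)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Without the helper inspecting the control channel, the same inbound connection stays NEW and a rule accepting only ESTABLISHED,RELATED does not match it.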