I have a firewall/router which is set up to do connection tracking firewalling but does not do NAT. And I would like to house an FTP server inside the firewalled router.

The firewall is set up to do this:

1. FORWARD rule policy is DROP.
2. Inside can ACCEPT NEW connections to go to outside.
3. ACCEPT established or related connections.
4. FORWARD tcp port 21 from outside to the inside FTP server is ACCEPT.

No PREROUTING DNAT and POSTROUTING SNAT, since the box does not do NAT.

Will the connection tracking modules help in allowing a passive FTP session to get through to the FTP server?

Any comments?
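
A simplified model of the mechanism the question is about, added here as an example and not part of the original post or of netfilter's own code: with the FTP conntrack helper (the `nf_conntrack_ftp` module, `ip_conntrack_ftp` on older kernels) the passive data connection is classified RELATED and passes rule 3, while without it the connection is NEW to an unlisted port and falls to the DROP policy. The addresses, the 227 reply and all function names are constructed for illustration.

```python
import re

# Constructed addresses from documentation ranges; not from the original post.
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"   # outside host, inside FTP server
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

class Conntrack:
    """Toy model of connection tracking with an optional FTP helper."""
    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper
        self.established = set()   # (src, dst, dport) flows already accepted
        self.expected = set()      # data flows announced on a control channel

    def state(self, flow):
        if flow in self.established:
            return "ESTABLISHED"
        return "RELATED" if flow in self.expected else "NEW"

    def inspect_reply(self, client, line):
        """Helper: parse the server's 227 reply and expect the data flow."""
        m = PASV_RE.match(line)
        if self.ftp_helper and m:
            h1, h2, h3, h4, p1, p2 = map(int, m.groups())
            self.expected.add((client, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))

def forward(ct, src, dst, dport, from_inside=False):
    """The post's four FORWARD rules, applied to a flow's first packet."""
    flow = (src, dst, dport)
    st = ct.state(flow)
    ok = (st in ("ESTABLISHED", "RELATED")                      # rule 3
          or (st == "NEW" and from_inside)                      # rule 2
          or (st == "NEW" and dst == SERVER and dport == 21))   # rule 4
    if ok:
        ct.expected.discard(flow)
        ct.established.add(flow)
    return "ACCEPT" if ok else "DROP"                           # rule 1

def passive_session(ftp_helper):
    """Outside client opens the control channel, then the PASV data channel."""
    ct = Conntrack(ftp_helper)
    control = forward(ct, CLIENT, SERVER, 21)
    ct.inspect_reply(CLIENT, "227 Entering Passive Mode (192,0,2,10,195,80)")
    data = forward(ct, CLIENT, SERVER, 195 * 256 + 80)
    return control, data

if __name__ == "__main__":
    print("with helper:   ", passive_session(True))
    print("without helper:", passive_session(False))
```

The helper can only read the 227 reply when the control channel is plaintext; an encrypted control channel (FTPS) hides the announced port from connection tracking.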