On Thursday 2008-04-10 03:16, Ming-Ching Tiew wrote:
>
>1. FORWARD rule policy is DROP.
>2. Inside can ACCEPT NEW connection to go to outside.
>3. ACCEPT established or related connections.
>4. FORWARD tcp port 21 from outside to the
>   inside FTP server is ACCEPT.
>
>Will the connection tracking modules help in allowing
>passive FTP session to get through to the FTP server?

Make sure nf_conntrack_ftp is loaded so that RELATED can do its job.
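The effect of the helper on the four rules above, as an added example that is not part of the original thread: a simplified Python model (not kernel code) of connection tracking with and without an FTP helper. The addresses, the sample 227 reply, and all class and function names are constructed for illustration.

```python
import re

# Constructed sample: the server's control-channel reply to PASV.
PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"

def parse_pasv(line):
    """Return (ip, port) announced in a 227 reply, or None."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", line)
    if not line.startswith("227") or not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class Conntrack:
    """Toy state table: confirmed flows plus helper-created expectations."""
    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper
        self.flows, self.expected = set(), set()

    def state(self, flow):
        if flow in self.flows:
            return "ESTABLISHED"
        return "RELATED" if flow in self.expected else "NEW"

    def control_payload(self, client, line):
        # Only the helper reads port-21 payloads and registers an expectation.
        ep = parse_pasv(line) if self.ftp_helper else None
        if ep:
            self.expected.add((client, ep[0], ep[1]))

def forward(ct, src, dst, dport, from_inside=False):
    """The four FORWARD rules from the question; returns ACCEPT or DROP."""
    flow = (src, dst, dport)
    # Rule 3 (ESTABLISHED/RELATED), rule 2 (NEW from inside), rule 4 (port 21).
    ok = ct.state(flow) != "NEW" or from_inside or dport == 21
    if ok:
        ct.flows.add(flow)
        ct.expected.discard(flow)
    return "ACCEPT" if ok else "DROP"  # rule 1: policy DROP

def passive_session(ftp_helper):
    """Verdicts for the control and the passive data connection."""
    ct = Conntrack(ftp_helper)
    client, server = "203.0.113.5", "192.168.1.10"
    control = forward(ct, client, server, 21)
    ct.control_payload(client, PASV_REPLY)
    ip, port = parse_pasv(PASV_REPLY)
    return control, forward(ct, client, ip, port)
```

On Linux 4.7 and later, automatic helper assignment is off by default, so loading the module is no longer enough on its own and the helper has to be attached explicitly, for example with `iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp`.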