Firewall and FTP
oliver at eickenberg.de
Sat Nov 9 07:50:19 PST 2002
With my firewall working for a few weeks now (thanks again for the help
I received here), I discovered one problem left:
I tried to grant access to Internet FTP sites for my LAN by enabling
port 21 exactly as I had enabled port 80 for HTTP. I could connect to
sites and log in successfully, but then got timed out every time on any site.
I searched the net and found out that this is not a surprise, because
port 21 is only used as a kind of FTP handshaking and the
data transfer is handled on a separate port. Since that port is not always
the same, how can one now build a firewall with FTP going through? That
question the sites I found haven't answered understandably for me.
Is there somebody here who knows a solution?
P.S.: Here is my actual "FTP-enabling"
iptables -A OUTPUT -p tcp -s $myLAN --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -s $myLAN --sport 21 -m state --state ESTABLISHED -j ACCEPT
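
Added example, not part of the original post: a small Python parser showing where the "separate port" described above comes from. The data endpoint is announced inside the port-21 control channel (RFC 959 PORT command and 227 reply, RFC 2428 229 reply), so it changes per transfer and a static port rule cannot match it. The names data_endpoint, endpoints and SAMPLE are hypothetical, and the transcript and addresses are constructed.

```python
import re

# RFC 959 PORT command and 227 reply carry "h1,h2,h3,h4,p1,p2"
_HOSTPORT = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 229 reply carries "(|||port|)" with a repeated delimiter character
_EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(line, server_ip):
    """Return (mode, ip, port) announced by one control-channel line, else None.

    "active":  the server will open the data connection TO the client at ip:port.
    "passive": the client will open the data connection TO the server at ip:port.
    """
    verb = line.split(" ", 1)[0].upper()
    if verb in ("PORT", "227"):
        m = _HOSTPORT.search(line)
        if not m:
            return None
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet: ignore rather than guess
        ip = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]  # data port = p1*256 + p2
        return ("active" if verb == "PORT" else "passive", ip, port)
    if verb == "229":
        m = _EPSV.search(line)
        if m and 0 < int(m.group(2)) <= 65535:
            # 229 gives only a port; the address is the control peer's
            return ("passive", server_ip, int(m.group(2)))
    return None


# Constructed control-channel transcript (documentation addresses, not a capture)
SAMPLE = [
    "220 ftp.example.org ready",
    "USER anonymous",
    "230 Login successful",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "PORT 10,0,0,5,4,1",
    "229 Entering Extended Passive Mode (|||50123|)",
]


def endpoints(lines, server_ip="192.0.2.10"):
    """Collect every data endpoint announced in a list of control lines."""
    return [e for e in (data_endpoint(l, server_ip) for l in lines) if e]


if __name__ == "__main__":
    for mode, ip, port in endpoints(SAMPLE):
        print(f"{mode:7s} data connection -> {ip}:{port}")
```

A packet filter that only matches port 21 never sees these negotiated ports, which is why the login succeeds and the first directory listing or transfer times out.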