Firewall and FTP
Antony at Soft-Solutions.co.uk
Sat Nov 9 10:07:43 PST 2002
On Saturday 09 November 2002 3:50 pm, Oliver Eickenberg wrote:
> With my firewall working for a few weeks now (thanks again for the help
> I received here) I discovered one problem left:
> I tried to grant access to Internet-FTP-sites for my LAN with enabling
> port 21 exactly as I had enabled port 80 for http. I could connect to
> sites and login successfully but then got timed out every time on any site.
> Is there somebody here who knows a solution?
> Here is my actual "FTP-enabling":
> iptables -A OUTPUT -p tcp -s $myLAN --dport 21 -j ACCEPT
> iptables -A INPUT -p tcp -s $myLAN --sport 21 -m state --state ESTABLISHED -j ACCEPT
Add a line to your INPUT chain to allow RELATED packets, and provided you
have ftp connection tracking compiled in all should be fine - the ftp data
packets will be recognised as 'related' to the control packets on port 21,
and everything will work.
iptables -A INPUT -m state --state RELATED -j ACCEPT
In fact it would probably be a good idea to change the INPUT rule you already
have above so it will allow reply packets for anything you choose to send out:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Just use this one rule in place of both your and my INPUT rules above.
KDE 3.0.3 contains an important fix for handling SSL certificates. Users of
Internet Explorer, which suffers from the same problem but which
does not yet have a fix available, are also encouraged to switch to KDE 3.0.3.
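
Added example (not part of the original message, and not the kernel's code): a small Python model of what FTP connection tracking does with the control channel on port 21, showing why the data connection only matches a RELATED rule after it has been announced in a 227 reply, a 229 reply or a PORT command. The function names, the sample transcript and the rule that an announced address must be the sender's own are assumptions of this example.

```python
import re

# 227 reply (passive) and PORT command (active) carry h1,h2,h3,h4,p1,p2.
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply (extended passive, RFC 2428) carries only the port: (|||port|)
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def expectation(sender_ip, line):
    """Return (ip, port) of the data connection that one control-channel line
    announces, or None. sender_ip is the host that sent the line."""
    line = line.strip()
    if line.startswith("227 ") or line.upper().startswith("PORT "):
        m = _HOSTPORT.search(line)
        if not m:
            return None
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            return None
        ip = ".".join(str(n) for n in nums[:4])
        # Assumption of this example: a host may only announce its own address,
        # so the control channel cannot open a path to a third party.
        if ip != sender_ip:
            return None
        return ip, nums[4] * 256 + nums[5]
    if line.startswith("229 "):
        m = _EPSV.search(line)
        if m and 0 < int(m.group(1)) < 65536:
            return sender_ip, int(m.group(1))
    return None


def classify(control, new_conn):
    """State for a new TCP connection towards new_conn=(ip, port): RELATED if
    the control channel announced that endpoint, otherwise NEW.
    control is a list of (sender_ip, line) pairs seen on port 21."""
    expected = {e for e in (expectation(ip, l) for ip, l in control) if e}
    return "RELATED" if new_conn in expected else "NEW"


# Constructed transcript; 192.0.2.10 is a documentation address for the server.
SAMPLE = [
    ("192.0.2.10", "220 ftp.example.test ready"),
    ("192.0.2.10", "230 Login successful"),
    ("192.0.2.10", "227 Entering Passive Mode (192,0,2,10,195,80)"),
]
```

In this model only 192.0.2.10 port 50000 (195*256+80) is classified RELATED; any other port stays NEW, which is why rules that accept only port 21 traffic let the login through and then stall on the first listing or transfer.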