Firewall and FTP

Jim Gifford jim at jg555.com
Sat Nov 9 11:27:41 PST 2002


You need to do something like this.

  $IPTABLES -t filter -A INPUT -p tcp --dport 1024:65535 -m state --state RELATED -j ACCEPT
  $IPTABLES -t filter -A INPUT -p udp --dport 1024:65535 -m state --state RELATED -j ACCEPT

"Oliver Eickenberg" <oliver at eickenberg.de> wrote in message
news:aqjavt$pap$1 at quasar.highos.com...
> Hello,
>
> With my firewall working for a few weeks now (thanks again for the help
> I received here) I discovered one problem left:
>
> I tried to grant access to Internet FTP sites for my LAN by enabling
> port 21 exactly as I had enabled port 80 for HTTP. I could connect to
> sites and log in successfully but then got timed out every time on any
> site.
>
> I searched the net and found out that this is not a surprise, because
> port 21 is only used as a kind of FTP handshaking and the
> data transfer is handled on a separate port. Since that port is not always
> the same, how can one build a firewall with FTP going through? That
> question, the sites I found haven't answered understandably for me.
>
> Is there somebody here who knows a solution?
>
> Thanks, Oliver
>
> P.S.: Here is my actual "FTP-enabling"
>
> iptables -A OUTPUT -p tcp -s $myLAN --dport 21 -j ACCEPT
> iptables -A INPUT  -p tcp -s $myLAN --sport 21 -m state --state ESTABLISHED -j ACCEPT
>


-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-support' in the subject header of the message
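Why a rule matching `--state RELATED` can admit a data connection whose port was unknown when the ruleset was written: the kernel's FTP connection-tracking helper (ip_conntrack_ftp on the 2.4 kernels of this thread, nf_conntrack_ftp on current ones) reads the port-21 control channel, parses the client's PORT command (active mode) and the server's 227 reply to PASV (passive mode), and registers an expectation for the data connection; a SYN that matches the expectation is classified RELATED instead of NEW. The following toy model of that helper is an added example, not code from the list post or from the kernel; the class and function names are this example's own and the control-channel lines and addresses in `demo()` are constructed.

```python
"""Toy model of the kernel's FTP connection-tracking helper.

Added example, not code from the list post.  The helper (ip_conntrack_ftp /
nf_conntrack_ftp) watches the port-21 control channel, parses the client's
PORT command (active FTP) and the server's 227 reply to PASV (passive FTP),
and registers an "expectation" for the data connection about to be opened.
A later TCP SYN matching that expectation is classified as RELATED by
'-m state', which is what lets '--state ESTABLISHED,RELATED -j ACCEPT' admit a
data connection whose port was unknown when the ruleset was written.  Names
here are this example's own; the lines in demo() are constructed.
"""
import re
from dataclasses import dataclass

# "PORT h1,h2,h3,h4,p1,p2" sent by the client; port = p1*256 + p2
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" sent by the server
PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


@dataclass(frozen=True)
class Expectation:
    direction: str  # "inbound": server opens the data connection (active)
                    # "outbound": client opens it (passive)
    src: str        # address that will send the SYN
    dst: str        # address that will receive it
    dport: int      # destination port of the SYN


def _decode(octets):
    """Turn the six comma-separated decimal fields into (ip, port)."""
    h1, h2, h3, h4, p1, p2 = (int(x) for x in octets)
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("field out of range in FTP address")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def expectation_from_control(line, client_ip, server_ip):
    """Return the Expectation a helper would register for one control-channel
    line, or None if the line negotiates no data connection.

    The address inside PORT/227 must be the endpoint that sent it; a peer
    announcing some third host's address would otherwise make the firewall
    pre-authorise a connection to that host (the classic FTP bounce).
    """
    m = PORT_RE.match(line)
    if m:
        host, port = _decode(m.groups())
        if host != client_ip:
            raise ValueError(f"PORT names {host}, control client is {client_ip}")
        return Expectation("inbound", src=server_ip, dst=client_ip, dport=port)
    m = PASV_RE.match(line)
    if m:
        host, port = _decode(m.groups())
        if host != server_ip:
            raise ValueError(f"227 names {host}, control server is {server_ip}")
        return Expectation("outbound", src=client_ip, dst=server_ip, dport=port)
    return None


def classify_syn(src, dst, dport, expectations):
    """State that '-m state' would assign to a new SYN: RELATED if it matches
    a pending expectation (expectations are single use, so consume it),
    otherwise NEW, which a default-deny INPUT chain drops."""
    for e in list(expectations):
        if (src, dst, dport) == (e.src, e.dst, e.dport):
            expectations.remove(e)
            return "RELATED"
    return "NEW"


def demo():
    """Active and passive transfers from a LAN client to an Internet server.
    Returns the states assigned to two expected data-connection SYNs and to
    one SYN that nothing on the control channel announced."""
    client, server = "192.168.1.10", "203.0.113.5"   # constructed addresses
    expectations = []
    # Active mode: client tells the server where to connect back to.
    expectations.append(expectation_from_control(
        "PORT 192,168,1,10,4,1", client, server))          # port 4*256+1 = 1025
    active = classify_syn(server, client, 1025, expectations)
    # Passive mode: server tells the client where to connect to.
    expectations.append(expectation_from_control(
        "227 Entering Passive Mode (203,0,113,5,195,80)", client, server))
    passive = classify_syn(client, server, 50000, expectations)   # 195*256+80
    # No expectation left, so the same SYN as before is plain NEW.
    stray = classify_syn(server, client, 1025, expectations)
    return active, passive, stray


if __name__ == "__main__":
    print(demo())  # ('RELATED', 'RELATED', 'NEW')
```

The model shows the two things to check on a real box: the helper must be loaded (`modprobe ip_conntrack_ftp` on a 2.4 kernel), since without it the data SYN is simply NEW and a default-deny INPUT chain drops it, which is the timeout after a successful login described above; and the RELATED rule can be kept narrow, as in the reply's `--dport 1024:65535` limit, because the helper only ever pre-authorises the one port announced on the control channel by the same peer.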
