Wednesday, August 31, 2005

Re: rules for FTP access

On 2005-08-31 Fabrizio Sannicolo' wrote:
> I use iptables to forward traffic from Intranet to Internet and
> vice versa using a rule such as
>
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $SERV_EXT
[...]
> for any chain I let ESTABLISHED and RELATED connection...
>
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> and, at the end of each chain (INPUT, OUTPUT and FORWARD), I put
>
> iptables -A INPUT -j DROP

That's what the default policies are for:

iptables -P INPUT DROP

> my problem is that I am not able to enable ftp connections ...

You'll need connection tracking, since FTP uses two channels, one of which
is dynamically determined when establishing the connection.

Regards
Ansgar Wiechers
--
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668
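
The connection-tracking setup the reply points to, as an added example that is not part of the original thread. Assumptions: eth1 is the intranet-facing interface, the helper modules carry their current nf_* names, and the kernel does not assign conntrack helpers automatically, so the helper is attached explicitly in the raw table.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Dry run by default (prints the commands). Run with RUN= as root to apply.
RUN="${RUN-echo}"
WAN_IF="${WAN_IF:-eth0}"   # outbound interface, as in the quoted SNAT rule
LAN_IF="${LAN_IF:-eth1}"   # assumption: name of the intranet-facing interface

ftp_forward_rules() {
    # Helper that reads PORT/PASV on the control channel and registers the
    # negotiated data connection as an expectation (state RELATED).
    # On 2.4 / early 2.6 kernels the modules are named ip_conntrack_ftp
    # and ip_nat_ftp.
    $RUN modprobe nf_conntrack_ftp
    # NAT helper: rewrites the address carried in PORT commands so that it
    # matches the SNAT address.
    $RUN modprobe nf_nat_ftp

    # Attach the helper explicitly to the FTP control connection.
    $RUN iptables -t raw -A PREROUTING -i "$LAN_IF" -p tcp --dport 21 \
        -j CT --helper ftp

    # Control channel: new connections from the intranet to port 21.
    $RUN iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport 21 \
        -m state --state NEW -j ACCEPT

    # Packets of connections that were already accepted.
    $RUN iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT

    # Data channel: accept RELATED only when the FTP helper created the
    # expectation. This is narrower than a blanket ESTABLISHED,RELATED rule;
    # RELATED ICMP errors would need a rule of their own.
    $RUN iptables -A FORWARD -p tcp -m state --state RELATED \
        -m helper --helper ftp -j ACCEPT
}

ftp_forward_rules
```

With the default policy set to DROP, these rules go into FORWARD in place of the single ESTABLISHED,RELATED rule quoted above.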
