Did you "modprobe" the NAT FTP module?
modprobe ip_nat_ftp
Did you also allow the ftp-data port? From /etc/services:
ftp-data 20/tcp
ftp 21/tcp
bye
Pim Bliek wrote:
Hi All,
I still have trouble, with FTP. A user is able to login, but cannot retrieve any data (also no 'ls' because of that). Here are the lines in my fw-script about FTP:
$IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 20 ! --syn -j ACCEPT
$IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0/0 -d $NET --dport 20 -j ACCEPT
$IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 21 -j ACCEPT
$IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0/0 -d $NET --dport 21 -j ACCEPT
What is wrong here?
Pim
On Wed, 13 Oct 2004 07:40:09 -0700 (PDT), Sergio Basurto <[EMAIL PROTECTED]> wrote:
On Wed, 13 Oct 2004 16:35:46 +0200, Pim Bliek wrote:
That worked! Thanx a lot! I am not sure I understand how it works, but it works :)
Pim
On Wed, 13 Oct 2004 07:00:30 -0700 (PDT), Sergio Basurto <[EMAIL PROTECTED]> wrote:
On Wed, 13 Oct 2004 15:37:35 +0200, Pim Bliek wrote:
Hi All,
I am trying to get a firewall running, but I am no networking expert. I use Debian Sid, and kernel 2.4.25-1-386 (yes I need to upgrade ;)).
(...)
Regards, Pim Bliek
You must add something like this; adapt it to your script variables:
iptables -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 80 -j ACCEPT
In the line above you specify that connections to your host on port 80 are allowed.
Also, you can get excellent documentation at the following link: www.netfilter.org
Just adapt this to your script.
I hope this helps.
I recommend that you separate your rules in the following order in your script:
INPUT OUTPUT FORWARD PREROUTING POSTROUTING
in order to make it more readable.
Regards.
-- Sergio Basurto J.
If I have seen further it is by standing on the shoulders of giants. (Isaac Newton) -- --
Ing. Sergio Basurto Juárez Tel: 04455-85322945
--
- Riccardo Tortorici -
Linux Registered User #365170
Count yourself @ http://counter.li.org/ !
Proudly Running Debian GNU/Linux "Sid" - Linux Kernel 2.6.8.1
--
HTML email can be dangerous, is not always readable, wastes bandwidth and is simply not necessary please don't send them to me!
If you don't know what I'm talking about please read this:
http://www.georgedillon.com/web/netiquette.shtml
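The module-based fix discussed in this thread, written out as a complete rule set (an added example, not part of the original messages). Assumptions: the firewall host itself runs the FTP server, the interface name in EXTIF is hypothetical, the module names are the 2.4-era ones used above, and the chains otherwise default to DROP. With DRY_RUN=1 (the default) the commands are only printed.

```shell
#!/bin/sh
# Added example: FTP-aware rules that rely on the conntrack FTP helper.
EXTIF="${EXTIF:-eth0}"     # hypothetical external interface name
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

ftp_server_rules() {
    # The helper reads PORT/PASV on the control channel and registers the
    # announced data connection, so its first packet matches state RELATED.
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp    # only needed when NAT sits in the path

    # Control channel: the only place where NEW is accepted.
    run iptables -A INPUT  -i "$EXTIF" -p tcp --dport 21 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -o "$EXTIF" -p tcp --sport 21 \
        -m state --state ESTABLISHED -j ACCEPT

    # Active mode: the server opens the data connection from port 20,
    # so the RELATED packet is outbound; inbound is only ever ESTABLISHED.
    run iptables -A OUTPUT -o "$EXTIF" -p tcp --sport 20 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT  -i "$EXTIF" -p tcp --dport 20 \
        -m state --state ESTABLISHED -j ACCEPT

    # Passive mode: the client opens the data connection to a high port
    # on the server, so the RELATED packet is inbound.
    run iptables -A INPUT  -i "$EXTIF" -p tcp --dport 1024:65535 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A OUTPUT -o "$EXTIF" -p tcp --sport 1024:65535 \
        -m state --state ESTABLISHED -j ACCEPT
}

# Prints the eight commands in dry-run mode.
ftp_server_rules
```

Only the control connection on port 21 is ever accepted as NEW; both data-connection modes depend on the helper marking them RELATED, which is why rules like these do not pass directory listings or transfers until the module is loaded.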