On Thu, 14 Oct 2004 13:11:30 +0200, Pim Bliek wrote:
>
> Hi All,
>
> I still have trouble with FTP. A user is able to login, but cannot
> retrieve any data (also no 'ls' because of that). Here are the lines
> in my fw-script about FTP:
>
> $IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 20 ! --syn -j ACCEPT
> $IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0/0 -d $NET --dport 20 -j ACCEPT
>
> $IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 21 -j ACCEPT
> $IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0/0 -d $NET --dport 21 -j ACCEPT
>
> What is wrong here?
>
> Pim
>
> On Wed, 13 Oct 2004 07:40:09 -0700 (PDT), Sergio Basurto
> <[EMAIL PROTECTED]> wrote:
> >
> > On Wed, 13 Oct 2004 16:35:46 +0200, Pim Bliek wrote:
> > >
> > > That worked! Thanx a lot!
> > > I am not sure I understand how it works, but it works :)
> > >
> > > Pim
> > >
> > > On Wed, 13 Oct 2004 07:00:30 -0700 (PDT), Sergio Basurto
> > > <[EMAIL PROTECTED]> wrote:
> > > > On Wed, 13 Oct 2004 15:37:35 +0200, Pim Bliek wrote:
> > > > >
> > > > > Hi All,
> > > > >
> > > > > I am trying to get a firewall running, but I am no
> > > > > networking expert.
> > > > > I use Debian Sid, and kernel 2.4.25-1-386 (yes I need
> > > > > to upgrade ;)).
> > > > (...)
> > > > > Regards,
> > > > > Pim Bliek
> > > > >
> > > > You must add something like this, adapted to your script
> > > > variables.
> > > >
> > > > iptables -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 80 -j ACCEPT
> > > >
> > > > In the line above you specify that connections to your
> > > > host on port 80 are allowed.
> > > >
> > > > Also you can get excellent documentation at the
> > > > following link:
> > > > www.netfilter.org
> > > >
> > > > Just adapt this to your script.
> > > >
> > > > I hope this helps.
> > > >
> > > > I recommend that you separate your rules in the
> > > > following order in your script
> > > >
> > > > INPUT
> > > > OUTPUT
> > > > FORWARD
> > > > PREROUTING
> > > > POSTROUTING
> > > >
> > > > in order to make it more readable.
> > > >
> > > > Regards.

Hello,

you must enable the modules ip_conntrack_ftp and ip_nat_ftp.
I hope this helps.

Please do not post reply. I mean always include your reply at the end of the message ok.

Regards.

--
Sergio Basurto J.

If I have seen further it is by standing on the shoulders of giants.
(Isaac Newton)
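
The reply above names the two helper modules without showing how they fit into a rule set. The following is an added example, not code from the thread: a check for whether the helpers are loaded, plus a stateful server-side rule set in which the data connection negotiated on port 21 is accepted as RELATED. EXTIF, EXTIP and the function names are assumptions; the module names are the ones given in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. EXTIF, EXTIP and both function
# names are assumptions; module names are the ones named in the reply.
EXTIF="${EXTIF:-eth0}"         # assumed external interface
EXTIP="${EXTIP:-192.0.2.10}"   # constructed address (documentation range)

# Read `lsmod` output on stdin and print each FTP helper that is missing.
# Pass "nat" as $1 when this host also NATs FTP traffic for other machines.
missing_ftp_helpers() {
    want="ip_conntrack_ftp"
    [ "${1:-}" = "nat" ] && want="$want ip_nat_ftp"
    loaded=$(awk '$1 != "Module" { print $1 }')   # skip the header line
    for m in $want; do
        echo "$loaded" | grep -qx "$m" || echo "$m"
    done
}

# Print the commands instead of running them, so they can be reviewed;
# apply as root with: emit_ftp_rules | sh
# ip_conntrack_ftp reads the PORT/PASV exchange on the control connection
# and registers the expected data connection, which then matches RELATED.
# Only port 21 is opened to NEW connections; no INPUT rule for port 20 or
# for a passive port range is needed.
emit_ftp_rules() {
    cat <<EOF
modprobe ip_conntrack_ftp
iptables -A INPUT -i $EXTIF -d $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTIF -d $EXTIP -p tcp --dport 21 -m state --state NEW -j ACCEPT
EOF
}

# Constructed lsmod sample: conntrack helper loaded, NAT helper absent.
SAMPLE_LSMOD='Module                  Size  Used by
ip_conntrack_ftp        5296  0
ip_conntrack           24968  1 ip_conntrack_ftp'

printf '%s\n' "$SAMPLE_LSMOD" | missing_ftp_helpers nat   # prints ip_nat_ftp
emit_ftp_rules
```

On a live system, feed the check real data with `lsmod | missing_ftp_helpers nat`; an empty result means both helpers are loaded.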