For better stateful packet inspection I would recommend moving your firewall from ipchains -> iptables, which has a better stateful engine... This will watch the related packets (i.e. ftp & ftp-data) as well as the connections already established...

Jeremy T. Bouse

Andrew Perrin was said to have been seen saying:
> Apologies if I've already asked this - I can't remember anymore!
>
> I now have a DSL connection, and as such would like to use ipchains to do
> the following:
>
> 1.) Deny all incoming packets coming in on eth1 (the card connected to the
> DSL gateway) except those destined for port 22 (ssh) or ICMP packets, or
> of course packets responding to outgoing packets; and
>
> 2.) Make masqueraded connections from other machines on my private network
> never time out.
>
> I've been working on it, but keep running into brick walls.
>
> Thanks for any advice-
> Andy
>
> ----------------------------------------------------------------------
> Andrew J Perrin - [EMAIL PROTECTED] - http://www.unc.edu/~aperrin
> Asst Professor of Sociology, U of North Carolina, Chapel Hill
> 269 Hamilton Hall, CB#3210, Chapel Hill, NC 27599-3210 USA

--
,-----------------------------------------------------------------------------,
|Jeremy T. Bouse, CCNA - UnderGrid Network Services, LLC - www.UnderGrid.net |
| Public PGP/GPG key available through http://wwwkeys.us.pgp.net |
| If received unsigned (without requesting as such) DO NOT trust it! |
| [EMAIL PROTECTED] - NIC Whois: JB5713 - [EMAIL PROTECTED] |
`-----------------------------------------------------------------------------'
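
The stateful approach recommended above, applied to item 1 of the quoted question, as an added example that is not part of the original thread: it generates an iptables-restore ruleset and audits which TCP ports it exposes on the DSL side. Assumptions: `eth0` as the private LAN interface and the function names `gen_ruleset` and `wan_open_ports` are hypothetical; item 2 (masquerade timeouts) is not covered.

```shell
#!/bin/sh
# Added example. eth1 = DSL side (from the question); eth0 = LAN (assumed).
# Check syntax without loading: gen_ruleset eth1 eth0 | iptables-restore --test
# RELATED matching for ftp-data also needs the FTP conntrack helper
# (nf_conntrack_ftp) to be loaded and assigned to the control connection.

gen_ruleset() {
    wan="${1:-eth1}"   # interface facing the DSL gateway
    lan="${2:-eth0}"   # private network interface (assumed name)
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $wan -p icmp -j ACCEPT
-A INPUT -i $wan -p tcp --dport 22 --syn -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Audit helper: list destination ports for which the generated INPUT chain
# accepts traffic arriving on the WAN interface. Expected: only 22.
wan_open_ports() {
    gen_ruleset "$@" | awk -v wan="${1:-eth1}" '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT$/ {
            on_wan = 0; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i+1) == wan) on_wan = 1
                if ($i == "--dport") port = $(i+1)
            }
            if (on_wan && port != "") print port
        }'
}
```

The default-DROP policies mean anything not matched by a state, ssh or ICMP rule on the DSL side is discarded, and replies to outgoing traffic pass via the ESTABLISHED,RELATED rule rather than via per-port holes.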