I'm having a dickens of a time setting up proper, secure IPTABLES rules to allow passive ftp connections to my ftp server. This box has no MASQ going on (not behind a firewall). I've got the ftp server set up correctly, and active transfers work fine, and passive transfers work if I remove all my iptables rules.
My relevant iptables information:

lsmod:

    Module                  Size  Used by    Not tainted
    ip_conntrack_ftp        5216   0 (unused)
    ipt_state               1536   3 (autoclean)
    ip_conntrack           22924   2 (autoclean) [ip_conntrack_ftp ipt_state]
    ipt_multiport           1632   2 (autoclean)
    iptable_filter          2752   1 (autoclean)
    ip_tables              14656   3 [ipt_state ipt_multiport iptable_filter]

iptables setup script:

    iptables -A INPUT -i eth0 -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
    ...
    iptables -A INPUT -i eth0 -p tcp --syn -j DROP

iptables -L:

    ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:ftp state NEW,ESTABLISHED
    ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:ftp-data state RELATED,ESTABLISHED
    ACCEPT  tcp  --  anywhere  anywhere  tcp dpts:1024:65535 state RELATED,ESTABLISHED
    ...
    DROP    tcp  --  anywhere  anywhere  tcp flags:SYN,RST,ACK/SYN

Most of the online help I can find is from the client side of IPTABLES; I haven't found a good server howto yet. Any help or suggestions are appreciated!

Thanks,
Matthew

--
Matthew Boeckman (816) 777-2160
Manager - Systems Integration
Saepio Technologies

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
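As an added example (not part of the original post or any reply), here is a compact stateful INPUT ruleset for a passive-mode FTP server: it relies on the kernel FTP conntrack helper to mark passive data connections RELATED, and opens only a narrow, explicitly configured passive range as a fallback for when the helper cannot read the control channel. The interface name, the 50000-50100 range, and the helper module names are assumptions; the daemon must be configured to use the same passive range.

```shell
#!/bin/sh
# Added example, not code from the original post. Minimal stateful INPUT chain
# for a passive-mode FTP server. Assumptions: interface eth0, the FTP daemon
# pinned to PASV_MIN..PASV_MAX for passive data ports, and the helper module
# named ip_conntrack_ftp (2.4 kernels) or nf_conntrack_ftp (2.6 and later).
IFACE="${IFACE:-eth0}"
PASV_MIN="${PASV_MIN:-50000}"
PASV_MAX="${PASV_MAX:-50100}"
PASV_FALLBACK="${PASV_FALLBACK:-1}"   # 0 = trust the conntrack helper alone
MODE="${MODE:-show}"                   # show = print rules, apply = run them

# Run (or print) one iptables invocation, depending on MODE.
rule() {
    if [ "$MODE" = apply ]; then iptables "$@"; else echo "iptables $*"; fi
}

# Load the FTP helper unless it is already present in the running kernel.
load_ftp_helper() {
    grep -q -E '^(ip|nf)_conntrack_ftp ' /proc/modules && return 0
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
}

# Emit the INPUT chain, most general state rule first.
ftp_server_rules() {
    rule -F INPUT
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -i "$IFACE" -m state --state INVALID -j DROP
    # Return traffic and helper-derived connections: active data from port 20
    # and passive data connections both match here once the control channel
    # (port 21) is tracked by the helper.
    rule -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule -A INPUT -i "$IFACE" -p tcp --dport 21 -m state --state NEW -j ACCEPT
    if [ "$PASV_FALLBACK" = 1 ]; then
        # Narrow fallback range, e.g. for TLS-protected control channels the
        # helper cannot inspect; far smaller than opening all of 1024:65535.
        rule -A INPUT -i "$IFACE" -p tcp --dport "$PASV_MIN:$PASV_MAX" \
             -m state --state NEW -j ACCEPT
    fi
    rule -A INPUT -i "$IFACE" -p tcp --syn -j DROP
}

# Number of rules this configuration installs (computed in show mode).
rule_count() { ( MODE=show; ftp_server_rules ) | wc -l | tr -d ' '; }

if [ "$MODE" = apply ]; then load_ftp_helper; fi
ftp_server_rules
```

Run with MODE=show (the default) to review the generated rules, and as root with MODE=apply to install them.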