From: Sagara Wijetunga <sagaralists@yahoo.com>
To: netfilter@lists.netfilter.org
Subject: Allow active and passive FTP connections
Date: Thu, 17 Jun 2004 04:03:25 -0700 (PDT)
Message-ID: <20040617110325.97064.qmail@web14723.mail.yahoo.com>

Hi all 

I need to allow active as well as passive FTP
connections to my FTP server.

My firewall configuration is as follows:
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT DROP
:
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
:
/sbin/iptables -A INPUT -p tcp --dport 21 --syn -j ACCEPT
:
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
:

I have the following issues relating to the above rules:
1. For active FTP requests by remote clients, it drops
the data connection request to the remote client from
the server on the OUTPUT chain. 

2. For passive FTP requests by remote clients, it
drops the data connection request to the server from
remote clients on the INPUT chain.

I expected that RELATED on both the INPUT and OUTPUT chains
would accept active as well as passive FTP connections.

RELATED is defined in the Packet Filtering HOWTO by
Rusty Russell as follows:
<quote>
RELATED
A packet which is related to, but not part of, an
existing connection, such as an ICMP error, or (with
the FTP module inserted), a packet establishing an ftp
data connection.
</quote>

What is this FTP module and how do I insert it?

I have already enabled the FTP support as part of the
Linux kernel.

Your comment in this regard is very much appreciated.

Kind regards
Sagara
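
What the FTP module in the quoted definition has to do, as an added example that is not part of the original message or of netfilter's code: the data connection's address and port are announced only inside the control channel (PORT for active mode, a 227 reply for passive mode), so a tracker must parse those lines before `--state RELATED` can match the new connection. The function names and sample addresses below are constructed for illustration.

```python
import re

# RFC 959 host-port: six comma-separated decimal bytes h1,h2,h3,h4,p1,p2
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Return (ip, port) from an RFC 959 host-port, or None if malformed."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):          # each field must fit in one byte
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_connection(line, client_ip, server_ip):
    """Map one control-channel line to the data connection it announces.

    Returns (mode, src_ip, dst_ip, dst_port), or None for any other line.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):    # sent by client: active mode
        hp = parse_hostport(line[5:])
        if hp:                              # server will connect out to the client
            return ("active", server_ip, hp[0], hp[1])
    elif line.startswith("227 "):           # sent by server: passive mode
        hp = parse_hostport(line[4:])
        if hp:                              # client will connect in to the server
            return ("passive", client_ip, hp[0], hp[1])
    return None

# Constructed control-channel lines using documentation addresses (RFC 5737)
CLIENT, SERVER = "198.51.100.7", "203.0.113.10"
SAMPLE = [
    "USER anonymous",
    "PORT 198,51,100,7,195,80",
    "227 Entering Passive Mode (203,0,113,10,78,52)",
    "PORT 198,51,100,7,300,1",              # malformed: field out of byte range
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(repr(sample_line), "->",
              expected_data_connection(sample_line, CLIENT, SERVER))
```

On kernels of this period the helper that does this parsing is the ip_conntrack_ftp module (nf_conntrack_ftp on later kernels), loaded with modprobe when it is built as a module.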



		