Yet another FTP connection problem

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Erik Pagel <erik.pagel@gmx.de>
To: netfilter@lists.samba.org
Subject: Yet another FTP connection problem
Date: Thu, 06 Jun 2002 17:41:52 +0200	[thread overview]
Message-ID: <ado218$88i$2@main.gmane.org> (raw)

Hi,

there seems to be a problem within my FTP rules. I'm not able to make any 
ftp connection.
I'm able to send but not to recevie any package.
Maybe someone can point me to my mistake.

iptables -N ftp
#No incomming connections, only outgoing and only in PASV mode.
iptables -A ftp -p tcp --dport 20:21 -o $I_EXTERN -j ACCEPT
iptables -A ftp -p tcp --sport 20:21 -i $I_EXTERN -m state --state 
ESTABLISHED,RELATED -j ACCEPT
iptables -A ftp -p tcp --dport 20:21 -i $I_EXTERN -m state --state 
NEW,INVALID -j LOG --log-level warning --log-prefix "DROP:FTP Incomming"
iptables -A ftp -p tcp --dport 20:21 -i $I_EXTERN -m state --state 
NEW,INVALID -j DROP
iptables -A INPUT   -j ftp
iptables -A OUTPUT  -j ftp
iptables -A FORWARD -j ftp

all I get after some tries to establish a connection from my firewall to 
ftp.funet.fi:

iptables -v -L ftp
 pkts bytes target prot opt in     out   source    destination
   20  1200 ACCEPT tcp  --  any    ppp+  anywhere  anywhere  tcp 
dpts:ftp-data:ftp
    0     0 ACCEPT tcp  --  ppp+   any   anywhere  anywhere  tcp 
spts:ftp-data:ftp state RELATED,ESTABLISHED
    0     0 ACCEPT tcp  --  ppp+   any   anywhere  anywhere  tcp 
dpts:ftp-data:ftp state RELATED,ESTABLISHED
    0     0 LOG    tcp  --  ppp+   any   anywhere  anywhere  tcp 
dpts:ftp-data:ftp state INVALID,NEW LOG level warning prefix `DROP:FTP 
Incomming'
    0     0 DROP   tcp  --  ppp+   any   anywhere  anywhere  tcp 
dpts:ftp-data:ftp state INVALID,NEW
--------------------------

Thanks in advance
Erik Pagel

next             reply	other threads:[~2002-06-06 15:41 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-06-06 15:41 Erik Pagel [this message]
  -- strict thread matches above, loose matches on Subject: below --
2002-06-06 15:41 Yet another FTP connection problem Erik Pagel
2002-06-06 15:55 ` Antony Stone
2002-06-06 16:27   ` Erik Pagel
2002-06-06 16:06 ` Antony Stone
2002-06-06 16:30   ` Erik Pagel
2002-06-06 16:50     ` Antony Stone
2002-06-06 16:56       ` Tom Eastep
2002-06-06 17:01         ` Antony Stone
2002-06-06 17:27           ` Tom Eastep
2002-06-06 17:51         ` Erik Pagel
2002-06-06 18:32           ` Tom Eastep
2002-06-06 17:47       ` Erik Pagel
2002-06-06 18:51         ` Antony Stone

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='ado218$88i$2@main.gmane.org' \
    --to=erik.pagel@gmx.de \
    --cc=netfilter@lists.samba.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox