Re: FTP through ipmasq

To: "List, debian-user" <debian-user@lists.debian.org>
Subject: Re: FTP through ipmasq
From: Simon Law <sfllaw@engmail.uwaterloo.ca>
Date: Tue, 27 Aug 2002 01:19:12 -0400
Message-id: <[🔎] 20020827051912.GV7824@engmail.uwaterloo.ca>
Mail-followup-to: "List, debian-user" <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20020827051256.GF27138@ursine.dyndns.org>
References: <[🔎] 20020827041946.GC27138@ursine.dyndns.org> <[🔎] 20020827045732.GS7824@engmail.uwaterloo.ca> <[🔎] 20020827051256.GF27138@ursine.dyndns.org>

On Mon, Aug 26, 2002 at 10:12:56PM -0700, Paul Johnson wrote:
> On Tue, Aug 27, 2002 at 12:57:32AM -0400, Simon Law wrote:
> > 	Make sure you are telling iptables that you want to accept
> > ESTABLISHED and RELATED connexions.  This will enable active FTP
> > support, if you have the FTP connexion tracking module enabled.
> 
> OK...I haven't gotten into stateful firewalling much yet...could I get
> an example?

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP

are the first two rules in my INPUT chain.  After that, I open up a
couple more holes before REJECTing all other traffic.  Read Rusty's
HOWTOs on the subject matter.  They are very good.

Simon

Reply to:

Follow-Ups:
- Re: FTP through ipmasq
  - From: Paul Johnson <baloo@ursine.dyndns.org>

References:
- FTP through ipmasq
  - From: Paul Johnson <baloo@ursine.dyndns.org>
- Re: FTP through ipmasq
  - From: Simon Law <sfllaw@engmail.uwaterloo.ca>
- Re: FTP through ipmasq
  - From: Paul Johnson <baloo@ursine.dyndns.org>

Prev by Date: Re: sid: Warning: Perl funkitude in today's upgrade
Next by Date: Re: USB mouse on Toshiba Satellite 2800 Woody with kernel 2.2.20 and xfree-comm 4.1.0-16
Previous by thread: Re: FTP through ipmasq
Next by thread: Re: FTP through ipmasq
Index(es):
- Date
- Thread