iptables not so stateful

To: debian-user@lists.debian.org
Subject: iptables not so stateful
From: Clement <clement@ans.com.au>
Date: Sat, 14 Aug 2004 02:20:45 +1000
Message-id: <[🔎] 411CEA5D.6040509@ans.com.au>
In-reply-to: <[🔎] 20040813160249.GA10046@aokiconsulting.com>
References: <[🔎] 411C936D.4040607@ComputerDatasafe.com.au> <[🔎] 20040813160249.GA10046@aokiconsulting.com>

I have this in the iptables setup:

$ADD INPUT   -p tcp  -m state --state ESTABLISHED,RELATED -j ACCEPT
$ADD INPUT   -p udp  -m state --state ESTABLISHED         -j ACCEPT
$ADD OUTPUT  -p tcp  -m state --state ESTABLISHED,RELATED -j ACCEPT
$ADD OUTPUT  -p udp  -m state --state ESTABLISHED         -j ACCEPT
$ADD OUTPUT -p tcp --dport 21 -j ACCEPT
....

And I cannot do ftp. All the data mode traffic of FTP are blocked.Apparently the ESTABLISHED,RELATED specification is not followed. Themodule ipt_state is there and executing the above does not show anyerror message. I have tried "modprobe ipt_state" before the above to nosuccess. Any idea?


H/W is Intel PIII-600,  OS is Sarge with kernel 2.6.7.

Thanks.
Clement

Reply to:

Follow-Ups:
- Re: iptables not so stateful
  - From: Eric Gaumer <gaumerel@titan.ecs.fullerton.edu>
- Re: iptables not so stateful
  - From: John L Fjellstad <john-debian@fjellstad.org>

References:
- apache2 and php4
  - From: John Summerfield <debian@ComputerDatasafe.com.au>
- Re: apache2 and php4
  - From: Osamu Aoki <osamu@debian.org>

Prev by Date: Install scsi module from floppy at installation
Next by Date: Re: Mozilla Firefox: Forbidden page
Previous by thread: Re: apache2 and php4
Next by thread: Re: iptables not so stateful
Index(es):
- Date
- Thread