My firewall is based on the debian ipmasq scripts with a couple of
I have set up my firewall to block all incoming SYN packets from the outside
world except for services that I want accessible.

    $IPCHAINS -A input -j ACCEPT -i $i -d $IPOFIF/32 -p tcp ! --syn

Now this works fine for masquerading except for outgoing FTP. Passive FTP
works fine but normal FTP doesn't.
Now I thought that this is what the ip_masq_ftp module is for. And this
module works if I'm not blocking all incoming SYN packets.
So I guess my question is, does ip_masq_ftp use a discrete range of ports for
FTP connections or does it use everything between 1024-65535? Is there a way
to tell it to use a particular range of ports as I don't like opening up the
whole range due to the fact that many daemons use non-privileged ports these
P.S. Please CC replies.
public key available at http://www.minihub.org/~iain/iain.asc