Re: open ports with firehol

To: debian-firewall@lists.debian.org
Subject: Re: open ports with firehol
From: Jonas Meurer <jonas@freesources.org>
Date: Thu, 6 May 2004 00:01:49 +0200
Message-id: <[🔎] 20040505220149.GB5857@resivo.mejo.net>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <87n04vh1s5.fsf@enki.rimspace.net>
References: <20040429035100.4442.qmail@web11904.mail.yahoo.com> <87n04vh1s5.fsf@enki.rimspace.net>

On 29/04/2004 Daniel Pittman wrote:
> > Dose not connection tracking take care of both active and passive FTP? 
> > These both should fall under state RELATED not state NEW.
> 
> The firehol script treats it as a complex service, because there are
> connections going both ways.  If you look at the relevant function in
> /lib/firehol/firehol (line 869) you will see what firehol does to set it
> up.

mh, now with
server_myftp_ports="tcp/211:215"
client_myftp_ports="default"

i get after logging in with 'lftp -p 211 user@www.kidns.de' from a
remote machine and trying to list the content with 'ls':
`ls' at 0 [Connecting...]
`ls' at 0 [Sending commands...]
`ls' at 0 [Waiting for response..]
`ls' at 0 [Making data connection...]
and there it starts idling for infinity. so it seems like no data is
delivered to my remote machine. any suggestions why that could be?
from the firewall/ftp machine itself it works well, so no problem with
the ftp-server.

it's quite important to have these 5 ports open, so if you have no
suggestions to fix the above, how do the iptables commands look like to
open these 5 ports for ftp connection?

bye
 jonas

Reply to:

Prev by Date: Re: where the people are using iptables
Next by Date: please help by iptables FORWARD...
Previous by thread: Unidentified subject!
Next by thread: Re: open ports with firehol
Index(es):
- Date
- Thread