Re: please help by iptables FORWARD...

To: trader <trade@shstahr.de>
Cc: "lists.debian.org debian-firewal" <debian-firewall@lists.debian.org>
Subject: Re: please help by iptables FORWARD...
From: Mike Mestnik <cheako911@yahoo.com>
Date: Thu, 6 May 2004 04:44:48 -0700 (PDT)
Message-id: <[🔎] 20040506114448.81756.qmail@web11901.mail.yahoo.com>
In-reply-to: <00fc01c4334d$2375af30$b901a8c0@Testrechner>

Yes, I do.  With FTP there is allways be a second ftp-data connection.  By
default this should be on client(s) port 20 I.E. "-d 192.168.1.0/24
--dport 20", however it can be an arbitrary local port.  With pasive FTP
this becomes an arbitrary remote port, not port 20.  Insmod
ip_conntrack_ftp and then you should be able to use --state RELATED to
allow FTP to work.

--- trader <trade@shstahr.de> wrote:
> Hi Mike,
> 
> thanks for your answer, i forward the port 53 for udp and it works fine,
> now
> i can set up all my needed ports like 21, 25, 110...
> 
> another question,
> 
> at the beginning, my FORWARD policie was ACCEPT and i closed the ports
> with
> the following commands:
> 
> iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 1:19 -j DROP
> 
> the same for 22:24, 25:79, 81:109, 111:442, 444:65535
> 
> with this setup i have problems with ftp, i can't get a "complete"
> connect
> to several servers, not all, mostly the connect freeze by "entering
> passive
> mode", than timeout...
> 
> if i open the ports over 50000 than the connect works ok, the rest of
> services such as http/s , pop3, smtp... works fine.
> 
> do you know this problem ?
> 
> thanks for your help
> 
> daniel
> 



	
		
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover

Reply to:

Prev by Date: RE: unsubscribe
Next by Date: Re: open ports with firehol
Previous by thread: Re: please help by iptables FORWARD...
Next by thread: UBSUBSCRIBLE
Index(es):
- Date
- Thread