[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FORWARD allow ftp?

On Sat, 23 Apr 2005 11:16:17 -0700, michael wrote in message 

> Hello,
> I wanted to allow my clients behind my firewall to use ftp.
> I've added the rules to my iptables script.
> -A FORWARD -p tcp -m tcp --dport 21 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 20 -j ACCEPT

..looks ok to me.

> Just wanted to get your opinion if this is the correct 
> way to do it? The 3rd rule above (--state....) is the one rule
> I'm mostly unsure about. 

..it checks whether any response from the ftp servers out there, is
related to "which-one" of your established outgoing ftp traffic or
ftp requests.

> Is this the proper way to allow ftp access?
> What rules do you guys use for ftp?

..med vennlig hilsen = with Kind Regards from Arnt... ;o)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.

Reply to: