
Re: FORWARD allow ftp?



On Sat, 23 Apr 2005 11:16:17 -0700, michael wrote in message 
<20050423181228.M16480@etalon.net>:

> Hello,
> 
> I wanted to allow my clients behind my firewall to use ftp.
> I've added the rules to my iptables script.
> 
> -A FORWARD -p tcp -m tcp --dport 21 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 20 -j ACCEPT
> -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

..looks ok to me.

> Just wanted to get your opinion if this is the correct 
> way to do it? The 3rd rule above (--state....) is the one rule
> I'm mostly unsure about. 

..it checks whether any response from the ftp servers out there is
related to "which-one" of your established outgoing ftp traffic or
ftp requests.

> Is this the proper way to allow ftp access?
> What rules do you guys use for ftp?



-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;o)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
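
The third rule quoted above only matches FTP data connections as RELATED when an FTP connection-tracking helper reads the PORT command or 227 reply on the control channel. The following is an added example, not part of the original post and not netfilter code: a simplified model of that behaviour applied to the three FORWARD rules, without NAT. The addresses, ports and the `Tracker` class are constructed for illustration.

```python
import re

# RFC 959 address form h1,h2,h3,h4,p1,p2 used by PORT (client) and 227 (server).
_ADDR = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

CLIENT, SERVER = "192.168.1.10", "203.0.113.5"   # constructed sample hosts

def parse_endpoint(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _ADDR.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class Tracker:
    """Toy model of state tracking with an FTP helper (hypothetical class)."""
    def __init__(self, ftp_helper=True):
        self.ftp_helper = ftp_helper
        self.flows = set()      # accepted (src, sport, dst, dport) tuples
        self.expected = set()   # (ip, port) endpoints announced on port 21

    def control_line(self, sender_ip, line):
        """Feed one control-channel line, as the helper would see it."""
        ep = parse_endpoint(line)
        # Model assumption: only honour an endpoint on the sender's own address.
        if self.ftp_helper and ep and ep[0] == sender_ip:
            self.expected.add(ep)

    def state(self, src, sport, dst, dport):
        if {(src, sport, dst, dport), (dst, dport, src, sport)} & self.flows:
            return "ESTABLISHED"
        return "RELATED" if (dst, dport) in self.expected else "NEW"

    def forward(self, src, sport, dst, dport):
        """Apply the post's three FORWARD rules; return (state, verdict)."""
        st = self.state(src, sport, dst, dport)
        ok = dport in (20, 21) or st in ("RELATED", "ESTABLISHED")
        if ok:
            self.expected.discard((dst, dport))
            self.flows.add((src, sport, dst, dport))
        # "no match" means the packet falls through to the chain policy.
        return st, "ACCEPT" if ok else "no match"
```

With `ftp_helper=False` the passive-mode data connection is classified NEW and matches none of the three rules, so its fate depends on the FORWARD chain policy.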



