Re: FORWARD allow ftp?
On Sat, 23 Apr 2005 11:16:17 -0700, michael wrote in message
<[🔎] 20050423181228.M16480@etalon.net>:
> Hello,
>
> I wanted to allow my clients behind my firewall to use ftp.
> I've added the rules to my iptables script.
>
> -A FORWARD -p tcp -m tcp --dport 21 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 20 -j ACCEPT
> -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
..looks ok to me.
> Just wanted to get your opinion if this is the correct
> way to do it? The 3rd rule above (--state....) is the one rule
> I'm mostly unsure about.
..it checks whether any response from the ftp servers out there, is
related to "which-one" of your established outgoing ftp traffic or
ftp requests.
> Is this the proper way to allow ftp access?
> What rules do you guys use for ftp?
--
..med vennlig hilsen = with Kind Regards from Arnt... ;o)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Reply to: