
Re: rules for FTP access



On 2005-08-31 Fabrizio Sannicolo' wrote:
> I use iptables to forward traffic from Intranet to Internet and
> vice versa using a rule such as
> 
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $SERV_EXT
[...]
> for any chain I let ESTABLISHED and RELATED connection...
> 
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> and, at the end of each chain (INPUT, OUTPUT and FORWARD), I put
> 
> iptables -A INPUT -j DROP

That's what the default policies are for:

iptables -P INPUT DROP

> my problem is that I am not able to enable ftp connections ...

You'll need connection tracking, since FTP uses two channels, one of which
is dynamically determined when establishing the connection.

Regards
Ansgar Wiechers
-- 
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668
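
The rule set this exchange points toward, as an added example that is not part of the original message: the FTP conntrack helper reads the control channel so the dynamically negotiated data connection matches RELATED. Assumptions: `eth1` is the intranet interface, the `run` dry-run wrapper is hypothetical, and the module names are those of current kernels (kernels of the post's era used `ip_conntrack_ftp` and `ip_nat_ftp`).

```shell
#!/bin/sh
# Added example (constructed): forward outbound FTP through a SNAT gateway.
# Prints the commands by default; set APPLY=1 and run as root to execute them.

INT_IF="${INT_IF:-eth1}"   # assumption: intranet-facing interface
EXT_IF="${EXT_IF:-eth0}"   # Internet-facing interface, as in the quoted SNAT rule

# Hypothetical helper: echo the command unless APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

ftp_forward_rules() {
    # Conntrack helper parses PORT/PASV replies on the control channel;
    # the NAT helper rewrites the private address in PORT behind SNAT.
    run modprobe nf_conntrack_ftp
    run modprobe nf_nat_ftp

    # Default policy instead of a trailing "-j DROP" rule.
    run iptables -P FORWARD DROP

    # Recent kernels no longer attach helpers automatically, so bind the
    # FTP helper explicitly to control connections on port 21.
    run iptables -t raw -A PREROUTING -i "$INT_IF" -p tcp --dport 21 -j CT --helper ftp

    # Data connections announced on the control channel arrive as RELATED.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the control connection needs an explicit NEW rule; no wide
    # high-port range has to be opened for the data channel.
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -p tcp --dport 21 -m state --state NEW -j ACCEPT
}

ftp_forward_rules
```

The helper cannot read an encrypted control channel, so FTPS sessions will not produce RELATED data connections with these rules.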
