
Re: rules for FTP access



On 2005-09-02 Fabrizio Sannicolo' wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> Port 20/tcp on the server is *only* needed for *active* FTP (and
>> would then have to be a --sport anyway, since the server initiates
>> the data connection). Passive FTP uses TCP ports above 1023 for the
>> data connection, which is initiated by the client. However, with
>> connection tracking enabled,
> 
> thus, if I understand right, it is enough that I include the lines
> below in my iptables script:
> 
> $MODPROBE ip_conntrack_ftp
> $MODPROBE ip_nat_ftp
> 
> iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 21 -m state --state NEW -j ACCEPT

Correct. You'll need "$MODPROBE ipt_conntrack" too, if connection
tracking support is compiled as a module.

Regards
Ansgar Wiechers
-- 
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668
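
The following is an added example, not part of the original thread and not the kernel's code: a Python sketch of the kind of control-channel parsing an FTP connection-tracking helper performs to learn which data connection to expect, matching the active/passive description quoted above. The function names, the sample addresses (documentation ranges) and the rule of accepting only the control-channel peer's address are assumptions of this sketch.

```python
import re

# RFC 959 host-port notation: h1,h2,h3,h4,p1,p2 (six decimal octets).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 group, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def expected_data_connection(line, client_ip, server_ip):
    """Describe the data connection announced by one control-channel line.

    Returns None for lines that announce nothing or that name an address
    other than the control-channel peer (assumption of this sketch).
    """
    line = line.strip()
    if line.upper().startswith("PORT "):   # sent by client: active mode
        hp = parse_hostport(line[5:])
        mode, src, peer, sport = "active", server_ip, client_ip, 20
    elif line.startswith("227 "):          # sent by server: passive mode
        hp = parse_hostport(line[4:])
        mode, src, peer, sport = "passive", client_ip, server_ip, None
    else:
        return None
    if hp is None or hp[0] != peer:
        return None
    # Active: server connects from port 20 to the client's announced port.
    # Passive: client connects from any port to the server's announced port.
    return {"mode": mode, "src": src, "dst": hp[0], "dport": hp[1], "sport": sport}

if __name__ == "__main__":
    # Constructed control-channel lines, not captured traffic.
    client, server = "192.0.2.10", "198.51.100.5"
    for sample in ("USER anonymous",
                   "PORT 192,0,2,10,195,80",
                   "227 Entering Passive Mode (198,51,100,5,156,64)"):
        print(sample, "->", expected_data_connection(sample, client, server))
```
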


