ipchains and ftp problem

Hello list,

I'm looking for a bit of advice configuring our Potato-based firewall, bridging between 2 public networks (so there's no NAT/masquerading or such involved). On the inside there're a couple of mail-, web- and ftp-servers. My ipchains script is basically set to DENY anything, except for the services which actually run on a particular machine on the inside.

For instance, http and smtp work just like you would expect, but I'm now stuck on ftp. ftp and ftp-data are set to ALLOW in both directions, and logging in works without problems, although it already feels slow. The real trouble starts when uploading files to our ftp servers from the outside: it's slow as hell at best, and most of the time the connection dies within a few minutes.

I think I need a fresh perspective on this, I'm really stuck. Maybe someone has a working snippet from their own ipchains script that I can incorporate, or can advise me what to look for.

Thanks for your help in advance,

- Erik Dörnbach -

