
Re: iptables, ftp and dnat?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> 
> Commenting it out, everything looks good until after I log in and try
> to do an "ls" when it returns:
> ftp> ls
> 227 Entering Passive Mode (10,1,1,32,205,208).
> 
> Then nothing.

I've configured my ftp server to use a specific, small range of ports
for passive mode data, then poked a hole in the iptables filter for
them. What you're describing sounds like the reason I did that...

- --
Glenn English
ghe@slsware.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkk5lckACgkQ04yQfZbbTLbRZACfVLeqhijpDKKrinG7vAJZu8w4
OEMAni9ryKM4Mepy+APl16pZUWokrNY8
=b+z+
-----END PGP SIGNATURE-----
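Added example (not part of the message above): a shell sketch that decodes the 227 reply quoted in the thread into the advertised host and port, then checks the port against a passive range opened in the filter. The range 50000:50100 and all function names are assumptions; use the range configured on your own FTP server.

```shell
# Added example. PASV_MIN/PASV_MAX are assumed values, not from the thread.
PASV_MIN=50000
PASV_MAX=50100
SAMPLE='227 Entering Passive Mode (10,1,1,32,205,208).'   # reply quoted in the thread

# Print "h1,h2,h3,h4,p1,p2" from a 227 line, or nothing if it does not parse.
pasv_tuple() {
    printf '%s\n' "$1" |
        sed -n 's/^227[^(]*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*/\1/p'
}

# Advertised data address, e.g. 10.1.1.32
pasv_host() {
    t=$(pasv_tuple "$1"); [ -n "$t" ] || return 1
    old_ifs=$IFS; IFS=,; set -- $t; IFS=$old_ifs
    echo "$1.$2.$3.$4"
}

# Advertised data port: p1 * 256 + p2
pasv_port() {
    t=$(pasv_tuple "$1"); [ -n "$t" ] || return 1
    old_ifs=$IFS; IFS=,; set -- $t; IFS=$old_ifs
    [ "$5" -le 255 ] && [ "$6" -le 255 ] || return 1
    echo $(( $5 * 256 + $6 ))
}

# Return 0 if the port is inside the opened range, 1 if outside, 2 if unparsable.
check_pasv() {
    port=$(pasv_port "$1") || { echo "not a valid 227 reply"; return 2; }
    host=$(pasv_host "$1")
    case $host in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            echo "note: $host is private; behind DNAT a remote client cannot reach it unless the reply is rewritten" ;;
    esac
    if [ "$port" -ge "$PASV_MIN" ] && [ "$port" -le "$PASV_MAX" ]; then
        echo "port $port is inside $PASV_MIN:$PASV_MAX"
    else
        echo "port $port is outside $PASV_MIN:$PASV_MAX; the opened range does not cover it"
        return 1
    fi
}

# Rule that opens the range (the "hole" described in the message).
pasv_rule() {
    echo "iptables -I INPUT -p tcp --dport $PASV_MIN:$PASV_MAX -m state --state NEW -j ACCEPT"
}

check_pasv "$SAMPLE" || true
pasv_rule
```

For the reply in the thread this reports port 52688, which falls outside the assumed range: the server has to be restricted to the range first, otherwise the opened ports and the advertised ports will not line up.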

