iptables question for the experts
Dan Coutu
coutu at snowy-owl.com
Mon Jul 17 18:17:01 EDT 2006
I'm trying to troubleshoot what seems like it ought to be a simple
iptables configuration. Here's the goal here:
The server has a cron job that periodically uses ftp to fetch from a
remote server an updated script to be used for doing backups.
ftp is configured to use passive mode.
I am expecting that the following line opens traffic to the remote server on
whatever port passive mode ftp chooses to use:
-A INPUT -s 64.39.2.176 -p tcp -m tcp --sport 1:65535 --dport 1:65535 -m state --state ESTABLISHED -j ACCEPT
The next line immediately follows it in the iptables config file and it
allows basic ftp traffic in the first place.
-A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
When I use wget to test the fetch operation I see it establish a
connection successfully, go into passive mode, and time out.
Any idea what I'm doing wrong here?
Thanks in advance,
Dan
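
Added example, not part of the original post: a small Python check that parses the server's RFC 959 "227" passive-mode reply and tests whether the first inbound packet of the resulting data connection would match either of the two INPUT rules quoted above. It models only those two rules (the OUTPUT chain and the chain policies are not shown in the post); the sample replies, the local port and all function names are constructed for illustration.

```python
import re
from ipaddress import ip_address

# The two INPUT rules from the post, reduced to the fields they match on.
RULES = [
    {"src": "64.39.2.176", "sport": (1, 65535), "dport": (1, 65535), "state": "ESTABLISHED"},
    {"src": None, "sport": (21, 21), "dport": None, "state": "ESTABLISHED"},
]

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) advertised in an RFC 959 '227' reply line."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    ip = str(ip_address(".".join(map(str, nums[:4]))))
    return ip, nums[4] * 256 + nums[5]  # port = p1*256 + p2

def in_range(value, rng):
    """True when the rule has no port constraint or value lies inside it."""
    return rng is None or rng[0] <= value <= rng[1]

def first_match(pkt):
    """Index of the first rule accepting an inbound packet, or None."""
    for i, r in enumerate(RULES):
        if r["src"] not in (None, pkt["src"]):
            continue
        if (in_range(pkt["sport"], r["sport"]) and in_range(pkt["dport"], r["dport"])
                and pkt["state"] == r["state"]):
            return i
    return None

def data_reply_verdict(pasv_reply, local_port=40000):
    """Which rule accepts the server's first reply on the passive data connection."""
    ip, port = parse_pasv(pasv_reply)
    # conntrack classifies the reply to a locally initiated SYN as ESTABLISHED.
    pkt = {"src": ip, "sport": port, "dport": local_port, "state": "ESTABLISHED"}
    return ip, port, first_match(pkt)

if __name__ == "__main__":
    # Constructed sample replies, not captured from the poster's session.
    for line in ("227 Entering Passive Mode (64,39,2,176,195,80)",
                 "227 Entering Passive Mode (10,0,0,5,195,80)"):
        print(line, "->", data_reply_verdict(line))
```

A verdict of `None` means neither quoted rule accepts the data-connection reply, which happens here when the address advertised in the 227 line differs from the `-s` address in the first rule.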