iptables question for the experts
Chris Brenton
cbrenton at chrisbrenton.org
Tue Jul 18 15:40:01 EDT 2006
On Mon, 2006-07-17 at 18:19 -0400, Dan Coutu wrote:
>
> I am expecting that following line opens traffic to the remote server on
> whatever port passive mode ftp chooses to use:
eeek! Scary rules. ;-p
Just to verify, these are the rules on the client which is connecting to
the server, correct? If so try this:
insmod ip_conntrack_ftp.ko
insmod ip_nat_ftp.ko
iptables -A OUTPUT -p tcp -d <server ip> --dport 25 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Note you don't need to install ip_nat_ftp unless you have boxes sitting
behind this one.
HTH,
Chris
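
The following is an added example, not part of the original post and not kernel code: a simplified model of why loading the FTP connection-tracking helper lets the RELATED match cover whatever data port passive mode picks. It assumes the control channel is on TCP port 21 (the FTP default); the addresses, the 227 reply and all function and class names are constructed for illustration.

```python
import re

PASV_RE = re.compile(r"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(line):
    """Return (ip, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply, else None."""
    m = PASV_RE.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]

class ToyConntrack:
    """Simplified model of state tracking with an FTP helper; not kernel code."""
    def __init__(self, ftp_helper, control_port=21):
        self.ftp_helper = ftp_helper
        self.control_port = control_port
        self.flows = set()      # connections already seen
        self.expected = set()   # data connections announced on a control channel

    def connect(self, client, server, dport):
        """State that '-m state' would report for a packet of this flow."""
        key = (client, server, dport)
        if key in self.flows:
            return "ESTABLISHED"
        state = "RELATED" if key in self.expected else "NEW"
        self.expected.discard(key)
        self.flows.add(key)
        return state

    def control_reply(self, client, server, line):
        """Server-to-client line on the control channel, as the helper sees it."""
        if not self.ftp_helper or (client, server, self.control_port) not in self.flows:
            return
        announced = parse_pasv(line)
        # Only trust a reply that points back at the server itself.
        if announced and announced[0] == server:
            self.expected.add((client, server, announced[1]))

def passive_session(ftp_helper):
    """Replay one constructed passive-mode session; return the state of each connect."""
    client, server = "192.0.2.10", "198.51.100.5"   # constructed addresses
    ct = ToyConntrack(ftp_helper)
    control = ct.connect(client, server, 21)
    ct.control_reply(client, server, "227 Entering Passive Mode (198,51,100,5,195,80)")
    data = ct.connect(client, server, 50000)         # 195*256 + 80
    return control, data
```

With the helper the data connection is classified RELATED; without it the same connection is just another NEW flow, which a rule set that only accepts ESTABLISHED,RELATED will not match.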