iptables question for the experts
Dan Coutu
coutu at snowy-owl.com
Tue Jul 18 21:22:00 EDT 2006
Chris Brenton wrote:
> On Mon, 2006-07-17 at 18:19 -0400, Dan Coutu wrote:
>
>> I am expecting that the following line opens traffic to the remote server on
>> whatever port passive mode ftp chooses to use:
>>
>
> eeek! Scary rules. ;-p
>
> Just to verify, these are the rules on the client which is connecting to
> the server, correct? If so try this:
>
> insmod ip_conntrack_ftp.ko
> insmod ip_nat_ftp.ko
>
> iptables -A OUTPUT -p tcp -d <server ip> --dport 25 -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Note you don't need to install ip_nat_ftp unless you have boxes sitting
> behind this one.
>
> HTH,
> Chris
>
This is in fact on the client machine, not the server. There's no NAT
involved. I'll see where this gets me...
Thanks!
Dan
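
Added example (not part of the original thread, and not netfilter's code): a toy Python model of what a connection-tracking FTP helper such as ip_conntrack_ftp does with the server's 227 reply, which is why a rule matching RELATED covers the passive-mode data port without opening a port range. The FtpTracker class, its method names and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import re

# 227 reply as defined in RFC 959: six decimal fields h1,h2,h3,h4,p1,p2.
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]      # data port = p1*256 + p2
    return (ip, port) if port else None

class FtpTracker:
    """Hypothetical client-side tracker for one FTP control connection."""
    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.expected = set()   # (dst_ip, dst_port) of announced data channels

    def on_control_reply(self, line):
        target = parse_pasv(line)
        # Only trust an address that matches the control-connection peer;
        # otherwise a reply could open a path to an arbitrary third host.
        if target and target[0] == self.server_ip:
            self.expected.add(target)

    def classify_outbound_syn(self, dst_ip, dst_port):
        """RELATED if the SYN matches an expectation (used once), else NEW."""
        key = (dst_ip, dst_port)
        if key in self.expected:
            self.expected.remove(key)
            return "RELATED"
        return "NEW"

def demo():
    # Constructed sample replies on a control connection to 192.0.2.10.
    t = FtpTracker("192.0.2.10")
    t.on_control_reply("227 Entering Passive Mode (192,0,2,10,195,80)")
    t.on_control_reply("227 Entering Passive Mode (198,51,100,7,195,81)")
    return [t.classify_outbound_syn("192.0.2.10", 50000),    # announced port
            t.classify_outbound_syn("192.0.2.10", 50000),    # already consumed
            t.classify_outbound_syn("198.51.100.7", 50001),  # foreign address
            t.classify_outbound_syn("192.0.2.10", 50002)]    # never announced
```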