[Gllug] ftp / iptables
Alex Hudson
home at alexhudson.com
Mon Oct 29 10:25:32 UTC 2001
On Monday 29 October 2001 9:58 am, you wrote:
> > Just a quick thought.. Is the FTP process trying to get a
> > reverse lookup
> > on the IP address that's connecting? A lot of FTP servers do.
>
> The client machine (connected to the "server" by a crossover ethernet
> cable) has the server's details in its /etc/hosts so would it not just
> use this? I'm doing "ftp machine1" rather than "ftp 192.168.1.1".

He's asking whether or not the server is doing a reverse lookup on the client
(i.e., if 192.168.10.231 is the client machine trying to reach the ftp
server, perhaps the server is trying to get the name of 192.168.10.231).

Sounds to me like you might be nuking DNS queries, and possibly ftp active
mode too. Get rid of the DROP policy and put a DROP catch rule on the input
chain. Make it log, and see what you're killing.

Cheers,
Alex.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
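
The setup suggested in the message above (ACCEPT policy, with a logging DROP catch rule at the end of the input chain), as an added example that is not part of the original post. The log prefix, the 192.168.1.254 resolver address and the sample log lines are constructed; `catch_rules` only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the original post. PREFIX and the sample log are constructed.
PREFIX="INPUT-catch: "

# Print the rule set: policy back to ACCEPT, then LOG and DROP appended as the
# last two INPUT rules, so anything not accepted earlier is logged before it dies.
catch_rules() {
    printf '%s\n' \
        "iptables -P INPUT ACCEPT" \
        "iptables -A INPUT -j LOG --log-prefix \"$PREFIX\"" \
        "iptables -A INPUT -j DROP"
}

# Read kernel log lines on stdin and tally what the catch rule logged, one line
# per (protocol, source port, destination port). Ports above 1023 become "high".
summarise_drops() {
    grep -F "$PREFIX" | awk '
        function bucket(p) { return (p + 0 > 1023) ? "high" : p }
        {
            proto = spt = dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^SPT=/) spt = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            spt = bucket(spt); dpt = bucket(dpt)
            hint = ""
            if (spt == "53" || dpt == "53") hint = " dns"
            else if (spt == "20" || dpt == "20") hint = " ftp-data"
            count[proto " spt=" spt " dpt=" dpt hint]++
        }
        END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Constructed sample: two DNS replies and one active-mode data reply hitting the catch rule.
sample_log() {
    cat <<'EOF'
Oct 29 10:20:01 machine1 kernel: INPUT-catch: IN=eth0 OUT= SRC=192.168.1.254 DST=192.168.1.1 PROTO=UDP SPT=53 DPT=1029 LEN=56
Oct 29 10:20:06 machine1 kernel: INPUT-catch: IN=eth0 OUT= SRC=192.168.1.254 DST=192.168.1.1 PROTO=UDP SPT=53 DPT=1029 LEN=56
Oct 29 10:20:09 machine1 kernel: INPUT-catch: IN=eth0 OUT= SRC=192.168.10.231 DST=192.168.1.1 PROTO=TCP SPT=1045 DPT=20 ACK SYN
Oct 29 10:20:11 machine1 sshd[412]: unrelated line
EOF
}

catch_rules
sample_log | summarise_drops
```

Each tally line points at an ACCEPT rule that is missing above the catch rule; once the log stays quiet during a normal FTP session, the rule set covers the traffic the service needs.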