[Gllug] Iptables Continued
Mick Farmer
mick at dcs.bbk.ac.uk
Mon Feb 14 18:36:26 UTC 2005
Dear GLLUGers,

I'm continuing to fight iptables and have now come across
this problem. I'm allowing FTP out of my box, and this
works as follows, for ftp-control (port 21).

    -A OUTPUT -p tcp --dport ftp -m state --state NEW -j ACCEPT

That's fine. I was expecting the following rule to work for
the latest ftp-data (not port 20).

    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

The data transfer hangs because my version of FTP uses
random ports at both ends of the data connection, and I don't
think this is covered in the "-m state" module.

Am I wrong? If I'm right, any ideas?

Regards,
Mick                  /"\
                      \ /
Linux Registered       X   ASCII Ribbon Campaign
User #287765          / \  Against HTML Mail
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
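
An added diagnostic, not part of the original message: it checks the two conditions under which `--state RELATED` matches an FTP data connection on random ports, namely that an FTP connection-tracking helper module is loaded and that RELATED is accepted on both INPUT and OUTPUT. The module names `ip_conntrack_ftp` / `nf_conntrack_ftp`, the sample module line and a kernel that assigns helpers automatically are assumptions, not details from the post.

```shell
#!/bin/sh
# Added example. Works on saved text, so it can be run against output
# collected from another host:
#   $1 = contents of /proc/modules (or lsmod output)
#   $2 = ruleset lines in iptables-save format
ftp_related_check() {
    modules=$1
    rules=$2
    rc=0

    # 1. The state match only marks ftp-data as RELATED when a helper has
    #    parsed the PORT/PASV exchange on the control connection.
    if printf '%s\n' "$modules" | grep -Eq '^(ip|nf)_conntrack_ftp[[:space:]]'; then
        echo "helper: loaded"
    else
        echo "helper: MISSING (ip_conntrack_ftp / nf_conntrack_ftp)"
        rc=1
    fi

    # 2. Passive mode opens the data connection outbound, active mode
    #    inbound, so each chain needs its own RELATED accept rule.
    for chain in INPUT OUTPUT; do
        if printf '%s\n' "$rules" | grep -E "^-A $chain " |
           grep -Eq -e '--(ct)?state [A-Z,]*RELATED.*-j ACCEPT'; then
            echo "$chain: RELATED accepted"
        else
            echo "$chain: no RELATED accept rule"
            rc=1
        fi
    done
    return $rc
}

# The two rules quoted in the post.
POST_RULES='-A OUTPUT -p tcp --dport ftp -m state --state NEW -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

# Constructed sample line in /proc/modules format.
SAMPLE_MODULES='ip_conntrack_ftp 72720 0 - Live 0xe0a5c000'

ftp_related_check "$SAMPLE_MODULES" "$POST_RULES" || echo "=> ftp-data may hang"
```

On a live system the inputs would be `"$(cat /proc/modules)"` and `"$(iptables-save)"`.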