[Gllug] IPtables - outgoing ftp connections
Alain Williams
addw at phcomp.co.uk
Fri Sep 17 09:25:47 UTC 2010
On Fri, Sep 17, 2010 at 10:18:26AM +0100, t.clarke wrote:
> Hi
>
> I need to set up iptables to allow outgoing ftp connections to the outside world
> from a specific box within the internal network.
>
> iptables -A FORWARD -p tcp -i eth0 -s 192.168.0.nnn -d 0.0.0.0/0 --dport 21 -j ACCEPT
>
> would seem to allow outgoing connections to the 'control port', but I am not
> sure about outgoing data to the data port.
>
> would:
> iptables -A FORWARD -p tcp -i eth0 -s 192.168.0.nnn -d 0.0.0.0/0 --state RELATED -j ACCEPT
> work ?

I have this sort of thing:

iptables -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p TCP ! --syn -j ACCEPT

> I assume I also need to do:
> /sbin/modprobe ip_conntrack_ftp ??

That is what you need.

--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
Past chairman of UKUUG: http://www.ukuug.org/
#include <std_disclaimer.h>
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
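
The FORWARD-chain case asked about in this thread, as an added example that is not part of the original messages: a dry-run shell function that prints rules allowing one internal host to make outgoing FTP connections, with data connections admitted only through the FTP conntrack helper. Assumptions: the module is loaded under its current name nf_conntrack_ftp, the kernel needs the helper attached explicitly with the CT target, and eth0 / 192.168.0.50 are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: RUN=echo prints the
# commands; run as root with RUN= (empty) to apply them.
RUN=${RUN-echo}

# Accept only a dotted-quad IPv4 address, so a placeholder such as
# 192.168.0.nnn is refused instead of being handed to iptables.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ftp_forward_rules LAN_IF HOST: let HOST, reached through LAN_IF, make
# outgoing FTP connections through this router.
ftp_forward_rules() {
    lan_if=$1 host=$2
    valid_ipv4 "$host" || { echo "bad host address: $host" >&2; return 1; }

    # Helper that parses PORT/PASV on the control channel and registers the
    # expected data connection (ip_conntrack_ftp on older kernels).
    $RUN modprobe nf_conntrack_ftp
    # Assumption: kernel without automatic helper assignment, so attach the
    # helper explicitly to this host's control connections.
    $RUN iptables -t raw -A PREROUTING -i "$lan_if" -s "$host" -p tcp --dport 21 -j CT --helper ftp
    # New control connections: only from HOST, only to port 21.
    $RUN iptables -A FORWARD -i "$lan_if" -s "$host" -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
    # Data connections: only those the ftp helper expected (active or passive).
    $RUN iptables -A FORWARD -p tcp -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
    # Replies and follow-up packets of connections accepted above.
    $RUN iptables -A FORWARD -p tcp -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Constructed sample values: interface eth0, internal host 192.168.0.50.
ftp_forward_rules eth0 192.168.0.50
```

`-m conntrack --ctstate` is the current form of the `-m state --state` match used in the reply; if the host is also NATed on the way out, the matching NAT helper module is needed as well.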