[LARTC] ip_conntrack_ftp

Andy Furniss andy.furniss@dsl.pipex.com
Wed, 12 May 2004 08:53:39 +0100


raptor wrote:
> yep my config is very similar i.e. :
> 
> iptables -N block
> iptables -A block -i $ifInt0 -j ACCEPT
> iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A block -j DROP
> 
> 
> iptables -A INPUT -i $ifWan0 -j services
> iptables -A FORWARD -i $ifWan0 -j services
> iptables -A INPUT -j block
> iptables -A FORWARD -j block
> 
> I also added this (do I really need it in my config? I'm allowing everything from inside anyway):
> 
>>iptables -A block -m state --state NEW -i ! $ifWan0 -j ACCEPT
> 
> 
> after ESTABLISHED,RELATED but still can do active FTP
> 
> "services" is for giving access to well-known services...
> I'm not using NAT

I am not sure what's wrong.

Are you running an FTP server, or just trying to access one on the
Internet from behind the firewall?

Andy.

<snip>
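As an added example (not raptor's or Andy's script) of the quoted ruleset with the conntrack helper actually loaded: without ip_conntrack_ftp, the server-initiated active-mode data connection (port 20 to the client's ephemeral port) arrives on the WAN side as NEW rather than RELATED and falls through to the DROP in "block". Assumes a 2.4/2.6 kernel with the ip_conntrack_ftp module, the interface variable names from the quoted config, and no NAT (with NAT, ip_nat_ftp would be needed as well).

```shell
#!/bin/sh
# Added example: stateful ruleset for a non-NAT router whose internal clients
# use active FTP. Interface names and module names are assumptions.
ifWan0=${ifWan0:-eth0}
ifInt0=${ifInt0:-eth1}
IPT=${IPT:-iptables}   # set IPT="echo iptables" to dry-run without root

# Load the FTP conntrack helper so the data connection is tracked as RELATED.
# 'ports=' is the module parameter listing control ports to inspect (21 is
# the default; add others for servers on non-standard ports).
load_ftp_helper() {
    modprobe ip_conntrack_ftp ports=21 || return 1
}

# The "block" chain from the thread, applied to INPUT and FORWARD.
# The "services" chain for the WAN side is omitted here.
ftp_rules() {
    $IPT -N block
    $IPT -A block -i "$ifInt0" -j ACCEPT
    $IPT -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A block -j DROP
    $IPT -A INPUT -j block
    $IPT -A FORWARD -j block
}

# Check that the helper is resident before blaming the rules: if it is not
# listed, active FTP data connections will be dropped as NEW.
helper_loaded() {
    lsmod | grep -q '^ip_conntrack_ftp' || return 1
}

# Dry-run helper: emit the rules as text instead of applying them.
show_rules() {
    (IPT="echo iptables"; ftp_rules)
}
```

Run with `IPT="echo iptables" sh script.sh` (or call `show_rules`) to inspect the rules first, then as root with `load_ftp_helper && ftp_rules` to apply them.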