[LARTC] ip_conntrack_ftp

raptor raptor@tvskat.net
Wed, 12 May 2004 15:29:44 +0300


trying to access ftp servers from inside...

> raptor wrote:
> > yep my config is very similar i.e. :
> > 
> > iptables -N block
> > iptables -A block -i $ifInt0 -j ACCEPT
> > iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A block -j DROP
> > 
> > 
> > iptables -A INPUT -i $ifWan0 -j services
> > iptables -A FORWARD -i $ifWan0 -j services
> > iptables -A INPUT -j block
> > iptables -A FORWARD -j block
> > 
> > I added also this (do I really need it in my config I'm allowing everything from inside anyway):
> > 
> >> iptables -A block -m state --state NEW -i ! $ifWan0 -j ACCEPT
> > 
> > 
> > after ESTABLISHED,RELATED but still can do active FTP
> > 
> > "services" is for giving access to well-known services...
> > I'm not using NAT
> 
> I am not sure what's wrong.
> 
> Are you running an FTP server or just trying to access one on the 
> internet from behind the firewall?
>
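Added example, not raptor's own script: the same "block" chain as a dry-run-capable sh script, with the FTP conntrack helper loaded and bound so the active-mode data connection is tracked as RELATED instead of NEW; the interface name and the module/helper names it probes for are assumptions.

```shell
#!/bin/sh
# Added example, not raptor's own script: his "block" chain plus the two
# things active FTP needs from the firewall side, written so it can be
# dry-run. The LAN interface name is an assumption; override it in the env.
# Set IPT=echo to print the rules instead of applying them.
IPT=${IPT:-iptables}
ifInt0=${ifInt0:-eth1}   # assumed LAN interface

# Without the FTP helper the server's inbound data connection (from TCP
# port 20 in active mode) is tracked as NEW, never RELATED, and hits the
# final DROP. Older kernels name the module ip_conntrack_ftp, newer ones
# nf_conntrack_ftp, so try both.
load_ftp_helper() {
    modprobe ip_conntrack_ftp 2>/dev/null || modprobe nf_conntrack_ftp
}

# Since kernel 4.7 helpers are no longer attached automatically; bind the
# ftp helper to control connections (port 21) explicitly in the raw table.
bind_ftp_helper() {
    $IPT -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
    $IPT -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp
}

# True if a /proc/modules-style file (path given as $1) lists the helper.
ftp_helper_loaded() {
    grep -Eq '^(ip|nf)_conntrack_ftp[[:space:]]' "$1"
}

build_block_chain() {
    $IPT -N block
    $IPT -A block -i "$ifInt0" -j ACCEPT
    $IPT -A block -i lo -j ACCEPT            # the original chain had no lo rule
    # RELATED only matches the FTP data connection once the helper is active
    $IPT -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Log what reaches the DROP: the quickest way to see whether the data
    # connection is arriving as NEW (helper missing) or not arriving at all.
    $IPT -A block -m limit --limit 5/min -j LOG --log-prefix "block DROP: "
    $IPT -A block -j DROP
    $IPT -A INPUT -j block
    $IPT -A FORWARD -j block
}

# Usage: load_ftp_helper && bind_ftp_helper && build_block_chain
```

Run it once with IPT=echo first and compare the printed rules against `iptables -L block -v` after applying; the LOG counter on the DROP line tells you whether the data connection is still being classified as NEW.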