On 2005-09-02 Fabrizio Sannicolo' wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> Port 20/tcp on the server is *only* needed for *active* FTP (and
>> would then have to be a --sport anyway, since the server initiates
>> the data connection). Passive FTP uses TCP ports above 1023 for the
>> data connection, which is initiated by the client. However, with
>> connection tracking enabled,
>
> thus, if I understand right, it is enough that I include the lines
> below in my iptables script:
>
> $MODPROBE ip_conntrack_ftp
> $MODPROBE ip_nat_ftp
>
> iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 21 -m state --state NEW -j ACCEPT

Correct. You'll need "$MODPROBE ipt_conntrack" too, if connection
tracking support is compiled as a module.

Regards
Ansgar Wiechers
--
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668
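
Added example, not part of the original thread: a minimal FORWARD ruleset showing what the single port-21 rule relies on, namely a rule accepting ESTABLISHED and RELATED traffic so that the data connections announced on the control channel pass without any rule for port 20 or the high ports. The function name `ftp_forward_rules`, the dry-run defaults for `IPTABLES` and `MODPROBE`, and the default-drop policy are assumptions; interface and module names are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: every command is
# printed instead of executed. Assumption: run as root with
#   IPTABLES=iptables MODPROBE=modprobe
# to actually apply the rules.
IPTABLES="${IPTABLES:-echo iptables}"
MODPROBE="${MODPROBE:-echo modprobe}"

# ftp_forward_rules CLIENT_IF SERVER_IF   (hypothetical helper name)
ftp_forward_rules() {
    in_if="$1"
    out_if="$2"

    # FTP helper: reads PORT/PASV on the control connection and registers the
    # announced data connection as an expectation, which then matches RELATED.
    $MODPROBE ip_conntrack_ftp
    # NAT counterpart, only needed if the firewall also translates addresses.
    $MODPROBE ip_nat_ftp

    # Assumed default-deny policy, so only the rules below let traffic through.
    $IPTABLES -P FORWARD DROP

    # Replies on the control connection (ESTABLISHED) and the data connections
    # expected by the helper (RELATED), for active and passive mode alike.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The only NEW traffic allowed: the control connection to port 21.
    $IPTABLES -A FORWARD -i "$in_if" -o "$out_if" -p tcp --dport 21 \
        -m state --state NEW -j ACCEPT
}

# eth1 = client side, eth0 = server side, as in the quoted rule.
ftp_forward_rules eth1 eth0
```

If the helper module is not loaded, the control connection still works but data connections are no longer RELATED and are dropped by the policy, which typically shows up as a login that succeeds followed by a hanging directory listing.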