Saturday, September 01, 2007

Re: Iptables and FTP problem

You need to allow port 20 for the data connection.

phil


On 9/1/2007 4:52 AM, Mahdi Rahimi wrote:
> Hello,
> I have a problem with our clients' outside FTP access via Debian.
> My LAN users can't start data transfers to outside FTP servers, but they
> can establish a connection to port 21 on the outside FTP server.
>
> I want my LAN users to use FTP clients in ACTIVE mode.
> my rules:
>
> ***nat
> -A PREROUTING -i $LAN -s 192.168.1.0/26 -p tcp -m multiport --dport 21 -j
> ACCEPT
> -A POSTROUTING -s 192.168.1.0/26 -d 0/0 -o eth1 -j MASQUERADE
>
> ***filter
> -A FORWARD -i $LAN -o $EXT -s 192.168.1.0/26 -p tcp --dport 21 -m state
> --state NEW,ESTABLISHED,RELATED -j ACCEPT
> -A FORWARD -i $EXT -o $LAN -p tcp --sport 21 -m state --state
> ESTABLISHED,RELATED -j ACCEPT
>
> *************
> modprobe ip_conntrack_ftp , ip_conntrack, ip_nat_ftp
>


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
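Added example of what phil's one-line answer works out to in practice (this is not phil's or Mahdi's rule set): a small rule script for active-mode FTP through a masquerading Debian firewall. The LAN range and the $LAN/$EXT interface variables follow Mahdi's post; the interface defaults, the modern module names (nf_conntrack_ftp, nf_nat_ftp instead of ip_conntrack_ftp, ip_nat_ftp), and the raw-table CT rule are assumptions for a current kernel. In active mode the server opens the data connection from its port 20 back to the port the client announced in the PORT command, so that connection arrives EXT to LAN. The original rule only accepted EXT to LAN traffic with `--sport 21`, so the helper's RELATED data connection never matched; the fix below accepts source port 20 only when conntrack has tied it to an existing control session, rather than opening a blanket hole for anything from port 20.

```shell
#!/bin/sh
# Added example: active-mode FTP through a masquerading firewall.
# LAN range taken from the post; interface names, module names and the
# raw-table helper binding are assumptions for a recent kernel.
set -e

LAN="${LAN:-eth0}"
EXT="${EXT:-eth1}"
LANNET="${LANNET:-192.168.1.0/26}"
# Set IPT=echo to print the rules instead of loading them (dry run).
IPT="${IPT:-iptables}"

ipt() { "$IPT" "$@"; }

ftp_rules() {
    # The FTP helper watches the control channel for PORT commands and
    # registers the server's reply connection (from port 20 to the port the
    # client named) as RELATED. The NAT helper rewrites the address inside
    # the PORT command so the masqueraded client is reachable.
    modprobe nf_conntrack_ftp 2>/dev/null || true
    modprobe nf_nat_ftp 2>/dev/null || true
    # Since kernel 4.7 helpers are not attached automatically; bind the
    # helper to FTP control traffic explicitly in the raw table.
    ipt -t raw -A PREROUTING -i "$LAN" -s "$LANNET" -p tcp --dport 21 \
        -j CT --helper ftp

    ipt -t nat -A POSTROUTING -s "$LANNET" -o "$EXT" -j MASQUERADE

    # Control channel: LAN clients to port 21 outside.
    ipt -A FORWARD -i "$LAN" -o "$EXT" -s "$LANNET" -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT
    # Active-mode data channel: the server dials in from port 20. Accept it
    # only when the helper has flagged it RELATED to a control session,
    # not as a generic "anything from source port 20" rule.
    ipt -A FORWARD -i "$EXT" -o "$LAN" -d "$LANNET" -p tcp --sport 20 \
        -m conntrack --ctstate RELATED -j ACCEPT
    # Replies on both channels once established. The original --sport 21
    # restriction in this direction is what dropped the data packets.
    ipt -A FORWARD -i "$EXT" -o "$LAN" -d "$LANNET" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
    ipt -A FORWARD -i "$LAN" -o "$EXT" -s "$LANNET" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Usage: ./ftp-rules.sh apply      (load rules, needs root)
#        ./ftp-rules.sh dry-run    (print the iptables commands)
case "${1:-}" in
    apply)   ftp_rules ;;
    dry-run) IPT=echo; ftp_rules ;;
esac
```

Run it with `dry-run` first and read the output; every rule that accepts inbound traffic should carry a conntrack state, so the only way a packet from port 20 gets through is after a client on the LAN has opened a control session and sent PORT.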