Saturday, September 01, 2007

Re: Iptables and FTP problem

Nope. Your rule says to allow related,established on port 21. It doesn't
apply to port 20. Add a log rule to see what's being dropped.

You can remove the --sport 21 and just allow in ANY established,related
and that should work.

phil

On 9/1/2007 7:36 AM, Mahdi Rahimi wrote:
> Thanks phil
> But I think the port 20 is in RELATED state and no connection needs to be
> established. The module ip_conntrack_ftp must correct this problem.

[snip]

>>> ***filter
>>> -A FORWARD -i $LAN -o $EXT -s 192.168.1.0/26 -p tcp --dport 21 -m state
>>> --state NEW,ESTABLISHED,RELATED -j ACCEPT
>>> -A FORWARD -i $EXT -o $LAN -p tcp --sport 21 -m state --state
>>> ESTABLISHED,RELATED -j ACCEPT
>>>
>
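
The change suggested in the reply above, written out as an iptables-restore fragment with the quoted rule kept beside it for comparison. This is an added example, not part of the original thread; the interface names (eth0 external, eth1 LAN), the DROP policy, the LAN-to-external ESTABLISHED,RELATED rule and the log prefix are assumptions.

```iptables
*filter
# Assumption: default-deny forwarding, so anything not matched below is dropped.
:FORWARD DROP [0:0]

# FTP control channel from the LAN to servers on port 21 (from the quoted rules).
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/26 -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT

# Quoted rule, kept commented out for comparison. "--sport 21" restricts the
# match to the control channel, so an active-mode data connection arriving
# from server port 20 never reaches this rule even though the FTP helper
# has marked it RELATED.
# -A FORWARD -i eth0 -o eth1 -p tcp --sport 21 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Suggested fix: drop the source-port match and accept any inbound traffic
# that conntrack classifies as ESTABLISHED or RELATED.
-A FORWARD -i eth0 -o eth1 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

# Assumption (not in the thread): the LAN side also needs a matching rule,
# otherwise the client's replies on the data connection (dport 20) and
# passive-mode data connections are not covered by the "--dport 21" rule.
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/26 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log rule, placed last so it only sees packets about to hit the DROP policy.
# The rate limit keeps a flood from filling the kernel log.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: " --log-level 4
COMMIT
```

The RELATED match only works when the FTP connection-tracking helper (ip_conntrack_ftp, as named in the thread) is loaded; without it the data connection is seen as NEW and ends up in the log.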

