
Saturday, September 01, 2007

Re: Iptables and FTP problem

Hello,

##Control connection ( port 21)
-A FORWARD -i $LAN -o $EXT -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 21 -j ACCEPT
-A FORWARD -i $EXT -o $LAN -m state --state ESTABLISHED,RELATED -p tcp -m multiport --sports 21 -j ACCEPT

##Data connection
-A FORWARD -i $EXT -o $LAN -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN -o $EXT -m state --state ESTABLISHED -p tcp -j ACCEPT

FORWARD default policy is DROP
------------------
With these rules I can't start the data connection, but the control connection
works in active FTP (standard mode).
My server tries to work in passive mode, because it tries to connect to the FTP
server via a port > 1024, such as 5049, .... after the control connection, for
data transfer.

Thanks


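Added example, not part of the original post: a small Python model of the four FORWARD rules above (default policy DROP), evaluated against the first packet of an FTP data connection in active and passive mode. It assumes that the opening packet of the data connection is classified RELATED only when the conntrack FTP helper is tracking the control connection, and NEW otherwise; the FIXED ruleset, the client port 40000 and the function names are hypothetical, while port 5049 is the one mentioned in the post.

```python
# Constructed model of the posted rules: (in_if, out_if, states, port field, port).
# A port field of None means the rule matches any port.
RULES = [
    ("LAN", "EXT", {"NEW", "ESTABLISHED", "RELATED"}, "dport", 21),  # control out
    ("EXT", "LAN", {"ESTABLISHED", "RELATED"}, "sport", 21),         # control back
    ("EXT", "LAN", {"RELATED", "ESTABLISHED"}, None, None),          # data in
    ("LAN", "EXT", {"ESTABLISHED"}, None, None),                     # data out
]
# Hypothetical variant: the last rule also accepts RELATED (still no blanket NEW).
FIXED = RULES[:3] + [("LAN", "EXT", {"ESTABLISHED", "RELATED"}, None, None)]


def verdict(rules, pkt):
    """Return ACCEPT for the first matching rule, else the DROP policy."""
    for in_if, out_if, states, field, port in rules:
        if (pkt["in"], pkt["out"]) != (in_if, out_if):
            continue
        if pkt["state"] not in states:
            continue
        if field is not None and pkt[field] != port:
            continue
        return "ACCEPT"
    return "DROP"


def first_data_packet(mode, helper_loaded):
    """First SYN of the FTP data connection as conntrack would classify it."""
    state = "RELATED" if helper_loaded else "NEW"  # assumption stated in the lead-in
    if mode == "passive":
        # LAN client connects to the high port announced by the server (e.g. 5049)
        return {"in": "LAN", "out": "EXT", "sport": 40000, "dport": 5049, "state": state}
    # active: server connects from port 20 to the port announced by the client
    return {"in": "EXT", "out": "LAN", "sport": 20, "dport": 40000, "state": state}


def table():
    """Verdicts for every mode/helper combination under both rulesets."""
    rows = []
    for mode in ("active", "passive"):
        for helper in (True, False):
            pkt = first_data_packet(mode, helper)
            rows.append((mode, helper, verdict(RULES, pkt), verdict(FIXED, pkt)))
    return rows


if __name__ == "__main__":
    for mode, helper, posted, fixed in table():
        print(f"{mode:8} helper={helper!s:5} posted={posted:6} fixed={fixed}")
```

In this model the passive data connection is dropped by the posted rules even with the helper, because the only unrestricted LAN-to-EXT rule accepts ESTABLISHED but not RELATED.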