Mark Strasheim wrote:
> Aloha
>
> I have a single interface and do the following iptables commands.
> Everything works as it should (there are some more services with UDP):
>
> iptables -N allowed
> iptables -A allowed -j ACCEPT
> iptables -A INPUT -p TCP --dport 22 -j allowed
> iptables -A INPUT -p TCP --dport 21 -j allowed
> iptables -A INPUT -p UDP --dport 68 -j allowed
> iptables -A INPUT -m state --state RELATED -j allowed
> iptables -A INPUT -m state --state ESTABLISHED -j allowed
> iptables -A INPUT -j DROP
>
> I can also log in per ssh and connect to ftp, but scp and ftp auth don't work.
> I understand that they talk about a new port and that the firewall doesn't see
> the exchange of that data and therefore can't set the state engine to
> related or established.
> For ftp I loaded the connection tracking module ... (I know it for nat but I hoped
> :) ) but it didn't work.
Not sure I understand. scp only uses tcp/22. It doesn't use a data port like ftp. I would expect that scp would work fine.

How 'bout a -j LOG statement right before the DROP to see what's being dropped.

/phil
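As an added illustration of Phil's suggestion (this is not code from either poster), the script below prints the original rule set with a rate-limited LOG rule inserted just before the final DROP, and then summarises the resulting kernel log lines by protocol and destination port so you can see what is actually being dropped. The log lines embedded in the script are constructed samples in the usual iptables LOG format; the interface name, addresses and the "INPUT-DROP: " prefix are assumptions. The rule set is only printed, never applied, so the script runs anywhere.

```shell
#!/bin/sh
# Added example (not from the thread): show the poster's rules with a LOG rule
# before the DROP, and summarise which ports/protocols the DROP is hitting.

# Print the rule set as shell commands. Nothing is applied here; review the
# output and pipe it to sh only on the host you are actually configuring.
emit_rules() {
    cat <<'EOF'
iptables -N allowed
iptables -A allowed -j ACCEPT
iptables -A INPUT -p TCP --dport 22 -j allowed
iptables -A INPUT -p TCP --dport 21 -j allowed
iptables -A INPUT -p UDP --dport 68 -j allowed
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j allowed
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: " --log-level 4
iptables -A INPUT -j DROP
EOF
}

# Read kernel log lines on stdin and print "PROTO DPT count", most frequent
# first. Lines without a DPT field (e.g. ICMP) are ignored.
summarize_drops() {
    grep 'INPUT-DROP:' \
      | sed -n 's/.*PROTO=\([A-Z]*\).*DPT=\([0-9]*\).*/\1 \2/p' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $2, $3, $1 }'
}

# Constructed sample log lines (assumed host name "gw", assumed interface eth0,
# documentation addresses from 192.0.2.0/24). Two dropped TCP connection
# attempts to a high port and one dropped UDP datagram.
SAMPLE_LOG='Jan 29 10:00:01 gw kernel: INPUT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=33456 DPT=49152 SYN URGP=0
Jan 29 10:00:02 gw kernel: INPUT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=33457 DPT=49152 SYN URGP=0
Jan 29 10:00:05 gw kernel: INPUT-DROP: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 LEN=76 TTL=64 PROTO=UDP SPT=123 DPT=123 LEN=56'

# Run stand-alone: print the rule set, then the summary of the sample log.
if [ "${1:-}" = "--demo" ]; then
    emit_rules
    echo "--- dropped packets by protocol/port ---"
    printf '%s\n' "$SAMPLE_LOG" | summarize_drops
fi
```

Run it with `sh script.sh --demo` to see both outputs; on a real host, feed `summarize_drops` from `dmesg` or the kernel log file instead of the sample. The summary answers the question in the thread directly: if the dropped packets are on a high TCP port, the state engine is not classifying a secondary connection as RELATED; if nothing on tcp/22 appears, the firewall is not what is breaking scp. The `-m limit` match keeps a flood of unsolicited traffic from filling the log, and combining RELATED and ESTABLISHED in one rule is equivalent to the poster's two separate rules.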

