Hi, I set up the following rules to allow ftp with my iptables-based packetfilter:

iptables -A INPUT -i $PPP_IFACE -p tcp ! --syn --sport 20 --dport \
    $UNPRIVPORTS -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $PPP_IFACE -p tcp ! --syn --sport 21 --dport \
    $UNPRIVPORTS -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $PPP_IFACE -p tcp ! --syn --dport 20 -j ACCEPT \
iptables -A INPUT -i $PPP_IFACE -p tcp --dport 21 -j ACCEPT

Where PPP_IFACE is my external interface and UNPRIVPORTS = 1024:65535.

Trying to update my box via apt-get (on the 'firewall'-host), the connection to the server is not established and I get these errors:

IN=ippp0 OUT= MAC= SRC=141.76.2.4 DST=217.224.116.100 LEN=60 TOS=0x00 \
PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=48685 DPT=1141 WINDOW=5712 \
RES=0x00 ACK SYN URGP=0
...

What to do?

-- 
"it's not so simple being simple" | http://tammen.net/jt/
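
Added example, not part of the original post: a Python check that parses the logged packet and tests it against the port and TCP-flag criteria of the four rules as posted, reporting which criterion each rule fails on. It assumes the four rules load as separate commands and treats the state match as satisfied, because conntrack state is not in the log line; the function and field names are made up for this illustration.

```python
import re

# Logged packet copied from the post, with the mail's "\" line wraps joined.
LOG_LINE = (
    "IN=ippp0 OUT= MAC= SRC=141.76.2.4 DST=217.224.116.100 LEN=60 TOS=0x00 "
    "PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=48685 DPT=1141 WINDOW=5712 "
    "RES=0x00 ACK SYN URGP=0")

UNPRIV = range(1024, 65536)   # UNPRIVPORTS = 1024:65535
ANY = range(0, 65536)         # rule gives no port restriction

# The post's four INPUT rules, reduced to port and flag criteria.
# no_syn=True stands for "! --syn"; the state match is assumed satisfied.
RULES = [
    {"n": 1, "sport": range(20, 21), "dport": UNPRIV, "no_syn": True},
    {"n": 2, "sport": range(21, 22), "dport": UNPRIV, "no_syn": True},
    {"n": 3, "sport": ANY, "dport": range(20, 21), "no_syn": True},
    {"n": 4, "sport": ANY, "dport": range(21, 22), "no_syn": False},
]
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse_log(line):
    """Extract ports and TCP flags from a netfilter LOG line."""
    fields = dict(m.groups() for m in re.finditer(r"(\w+)=(\S*)", line))
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return {"sport": int(fields["SPT"]), "dport": int(fields["DPT"]),
            "flags": flags}

def is_syn(flags):
    """iptables --syn: SYN set while ACK, RST and FIN are all clear."""
    return "SYN" in flags and not flags & {"ACK", "RST", "FIN"}

def evaluate(pkt):
    """Return (rule number, [criteria that did not match]) for each rule."""
    results = []
    for rule in RULES:
        failed = []
        if pkt["sport"] not in rule["sport"]:
            failed.append("sport")
        if pkt["dport"] not in rule["dport"]:
            failed.append("dport")
        if rule["no_syn"] and is_syn(pkt["flags"]):
            failed.append("! --syn")
        results.append((rule["n"], failed))
    return results

if __name__ == "__main__":
    for number, failed in evaluate(parse_log(LOG_LINE)):
        print(f"rule {number}: {'matches' if not failed else 'fails on ' + ', '.join(failed)}")
```

An empty list for a rule would mean the packet matched it; for the logged packet every rule fails on a port criterion, not on the flag test.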

