Hi,

My firewall is based on the Debian ipmasq scripts with a couple of modifications.

I have set up my firewall to block all incoming SYN packets from the outside world except for services that I want accessible.

    $IPCHAINS -A input -j ACCEPT -i $i -d $IPOFIF/32 -p tcp ! --syn

Now this works fine for masquerading except for outgoing FTP. Passive FTP works fine but normal FTP doesn't. Now I thought that this is what the ip_masq_ftp module is for. And this module works if I'm not blocking all incoming SYN packets.

So I guess my question is, does ip_masq_ftp use a discrete range of ports for FTP connections or does it use everything between 1024-65535? Is there a way to tell it to use a particular range of ports, as I don't like opening up the whole range due to the fact that many daemons use non-privileged ports these days?

thanks,
Iain.

P.S. Please CC replies.

--
public key available at http://www.minihub.org/~iain/iain.asc

