On 29/04/2004 Daniel Pittman wrote:

> > Does not connection tracking take care of both active and passive FTP?
> > These both should fall under state RELATED not state NEW.
>
> The firehol script treats it as a complex service, because there are
> connections going both ways. If you look at the relevant function in
> /lib/firehol/firehol (line 869) you will see what firehol does to set it
> up.

Mh, now with

server_myftp_ports="tcp/211:215"
client_myftp_ports="default"

I get, after logging in with 'lftp -p 211 [EMAIL PROTECTED]' from a remote machine and trying to list the content with 'ls':

`ls' at 0 [Connecting...]
`ls' at 0 [Sending commands...]
`ls' at 0 [Waiting for response..]
`ls' at 0 [Making data connection...]

and there it starts idling for infinity. So it seems like no data is delivered to my remote machine. Any suggestions why that could be? From the firewall/ftp machine itself it works well, so no problem with the ftp-server.

It's quite important to have these 5 ports open, so if you have no suggestions to fix the above, what do the iptables commands look like to open these 5 ports for ftp connection?

bye
jonas

