Manuel Mely wrote:
>>my problem is that I am not able to enable ftp connections ...
>
>
> All you have to do is to permit ftp connections in your firewall ;)
>
> iptables -A INPUT -i ??? -s ??? -p tcp --dport 20:21 -j ACCEPT

but, once I have loaded conntrack ftp modules and I want to permit ftp
client connections from my private subnet, which is behind eth1, to
Internet through eth0, I should do:

iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 20:21 -j ACCEPT

is it right?

I am sorry but I have not been playing with iptables and firewalls for
long...:-)

thanks, fabrizio.

>
> Also, enable ip_nat_ftp module and ip_conntrack_ftp!
>
> Salu2
> Mely
>
>
> On Wed, 2005-08-31 at 15:07 +0200, Fabrizio Sannicolo' wrote:
>
>>dear Sir/Madam,
>>
>>I have a linux box (sarge) as router/firewall in my organization. At the
>>moment that Linux box has 3 ethernet cards as follows:
>>
>>eth0 with public IP
>>eth1 private subnet
>>eth2 DMZ and WiFi
>>
>>I use iptables to forward traffic from Intranet to Internet and
>>vice versa using a rule such as
>>
>>iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $SERV_EXT
>>
>>I also enable specific services with rules such as
>>
>> -m state
>>--state NEW -j ACCEPT
>>
>>or
>>
>>iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -m state --state
>>NEW -j ACCEPT
>>
>>for any chain I let ESTABLISHED and RELATED connection...
>>
>>iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>>
>>and, at the end of each chain (INPUT, OUTPUT and FORWARD), I put
>>
>>iptables -A INPUT -j DROP
>>
>>my problem is that I am not able to enable ftp connections ...
>>
>>Could you help me, please?
>>
>>thanks, fabrizio.
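
The setup discussed in this thread, as an added example that is not part of the original messages: forwarding FTP from the private subnet through the SNAT router with the connection-tracking helpers loaded. Interface and module names are taken from the thread; the `run` wrapper, the `APPLY` variable and the function name `ftp_forward_rules` are hypothetical, added for illustration.

```shell
#!/bin/sh
# Added example: FTP client access through a NAT firewall using the
# conntrack FTP helper (eth1 = private subnet, eth0 = public side).
# Commands are only printed by default; set APPLY=1 (as root) to run them.

run() {
    # Print the command, and execute it only when APPLY=1.
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

ftp_forward_rules() {
    lan_if=$1
    wan_if=$2

    # ip_conntrack_ftp parses the control channel and registers the
    # expected data connection; ip_nat_ftp rewrites the addresses in
    # PORT/PASV exchanges so they match the SNAT rule on the router.
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp

    # Replies, plus the data connections the helper marks as RELATED.
    # Active mode: the server connects back from source port 20.
    # Passive mode: the client connects to a server-chosen high port.
    # Both are covered here, so no separate data-port rule is opened.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the control connection is opened explicitly.
    run iptables -A FORWARD -i "$lan_if" -o "$wan_if" -p tcp --dport 21 \
        -m state --state NEW -j ACCEPT
}

# These rules must be appended before the final DROP rule of the chain,
# otherwise they are never reached.
ftp_forward_rules eth1 eth0
```

On current kernels the helpers are named nf_conntrack_ftp and nf_nat_ftp, and automatic helper assignment is disabled by default, so the helper also has to be attached explicitly, for example with `iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp`.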

