On 2005-09-02 Fabrizio Sannicolo' wrote: > Ansgar -59cobalt- Wiechers wrote: >> Port 20/tcp on the server is *only* needed for *active* FTP (and >> would then have to be a --sport anyway, since the server initiates >> the data connection). Passive FTP uses TCP ports above 1023 for the >> data connection, which is initiated by the client. However, with >> connection tracking enabled, > > thus, if I understand right, it is enought that I include the lines > below in my iptables script: > > $MODPROBE ip_conntrack_ftp > $MODPROBE ip_nat_ftp > > iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 21 -m state --state NEW -j > ACCEPT
Correct. You'll need "$MODPROBE ipt_conntrack" too, if connection tracking support is compiled as a module. Regards Ansgar Wiechers -- "Another option [for defragmentation] is to back up your important files, erase the hard disk, then reinstall Mac OS X and your backed up files." --http://docs.info.apple.com/article.html?artnum=25668 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
