Fabrizio,

Try adding this:

modprobe ip_conntrack_ftp
iptables -A INPUT -i eth2 -s 192.168.3.0/24 -p tcp --dport 21 -m state --state NEW -j ACCEPT

On Wed, 2005-08-31 at 15:07 +0200, Fabrizio Sannicolo' wrote:
> Dear Sir/Madam,
>
> I have a Linux box (sarge) as router/firewall in my organization. At the
> moment that Linux box has 3 ethernet cards as follows:
>
> eth0 with public IP
> eth1 private subnet
> eth2 DMZ and WiFi
>
> I use iptables to forward traffic from Intranet to Internet and
> vice versa using a rule such as
>
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $SERV_EXT
>
> I also enable specific services with rules such as
>
> iptables -A INPUT -i eth2 -s 192.168.3.0/24 -p tcp --dport 22 -m state --state NEW -j ACCEPT
>
> or
>
> iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -m state --state NEW -j ACCEPT
>
> for any chain I let ESTABLISHED and RELATED connection...
>
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> and, at the end of each chain (INPUT, OUTPUT and FORWARD), I put
>
> iptables -A INPUT -j DROP
>
> my problem is that I am not able to enable ftp connections ...
>
> Could you help me, please?
>
> thanks, fabrizio.
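
Added example, not part of the original thread: a simplified Python model of what the ip_conntrack_ftp helper reads from the FTP control channel, showing why the data connection only matches the ESTABLISHED,RELATED rule once the helper is loaded and otherwise falls through to the final DROP. The firewall address 192.168.3.1, the session lines and all function names are constructed for illustration; real connection tracking matches expectations on more fields than this model does.

```python
import re

SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_CMD = re.compile(r"^PORT " + SIX + r"\s*$")   # client -> server (active mode)
PASV_REPLY = re.compile(r"^227 .*?" + SIX)         # server -> client (passive mode)


def data_endpoint(line):
    """Return the (ip, port) announced on the control channel, or None."""
    m = PORT_CMD.match(line) or PASV_REPLY.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None                    # not a valid h1,h2,h3,h4,p1,p2 tuple
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


def conn_state(control_lines, dst, helper_loaded):
    """State assigned to a new TCP connection to dst=(ip, port).

    Simplified model: the helper records one expectation per announced
    endpoint; a new connection matching one is RELATED, otherwise NEW.
    """
    expected = set()
    if helper_loaded:
        expected = {ep for ep in map(data_endpoint, control_lines) if ep}
    return "RELATED" if dst in expected else "NEW"


def input_verdict(state, dport, new_ports=(21, 22)):
    """INPUT policy from the thread: RELATED accepted, NEW only on the
    listed ports, everything else hits the final DROP."""
    if state == "RELATED" or (state == "NEW" and dport in new_ports):
        return "ACCEPT"
    return "DROP"


# Constructed control-channel excerpt (not captured traffic).
SESSION = [
    "USER anonymous",
    "PASV",
    "227 Entering Passive Mode (192,168,3,1,195,80)",
]

if __name__ == "__main__":
    dst = data_endpoint(SESSION[-1])
    for loaded in (False, True):
        state = conn_state(SESSION, dst, loaded)
        print(f"helper={loaded} dst={dst} state={state} -> {input_verdict(state, dst[1])}")
```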

