On 2008-06-30 Sathyainkara Balendra wrote:
> I have the following settings, but I don't get an FTP connection.
>
> #FTP-TABLE incomplete
>
> ##################################################################
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [0:0]
>
> ##################################################################
>
> #if following line is set it works, but i want a secure connection
> #only to that server
> #-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
>
> #Allow Ftp
> -N USER_FTP
> -A INPUT -p tcp -m tcp --dport 1:65000 --syn -j USER_FTP
> -A USER_FTP -s 212.74.114.60/21 -j ACCEPT
> -A USER_FTP -s 212.74.114.60/20 -j ACCEPT
If I'm interpreting your ruleset correctly, you want to allow outbound
FTP to just one particular FTP server.

You got your notation wrong there, BTW. The part after the slash in the
argument of the -s option is a netmask, not a port. You specify ports
with the --sport option.

----8<----
# NOTE: This rule snippet doesn't take care of anything else than FTP!
# You'll need rules for DNS and whatever else you want to allow in
# addition to this.

modprobe ip_conntrack_ftp

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d 212.74.114.60 --dport 21 \
  -m state --state NEW -j ACCEPT
---->8----

If you want to do yourself a favor: learn how FTP works before trying to
handle FTP connections.

http://slacksite.com/other/ftp.html

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
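Added illustration (not part of the thread, and not Ansgar's script): the netmask-vs-port mistake the reply points out means `-s 212.74.114.60/21` and `/20` silently accept a whole address block rather than one host. The code below, using only Python's standard `ipaddress` module, computes what each `-s` argument from the quoted ruleset really matches and flags any that admit more than the intended server; the function names and the `/32` single-host form are my own choices.

```python
import ipaddress

# Source arguments copied from the quoted (broken) ruleset above, plus the
# single-host form the poster evidently intended (constructed for this example).
# Nothing here touches the firewall; it only computes what each -s would match.
BROKEN_SOURCES = ["212.74.114.60/21", "212.74.114.60/20"]
INTENDED_SOURCE = "212.74.114.60/32"


def effective_match(source: str) -> dict:
    """Describe what `iptables -s SOURCE` really matches.

    iptables reads the part after the slash as a prefix length (netmask),
    masks off the host bits, and matches the entire resulting block.
    """
    net = ipaddress.ip_network(source, strict=False)  # strict=False masks host bits
    return {
        "as_written": source,
        "network": str(net),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "hosts": net.num_addresses,
    }


def is_matched(source: str, peer_ip: str) -> bool:
    """Would a packet from peer_ip hit a rule written with -s SOURCE?"""
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(source, strict=False)


def audit(sources, intended_host: str) -> list:
    """Return one finding per -s argument that admits more than the intended host."""
    findings = []
    for src in sources:
        info = effective_match(src)
        if info["hosts"] > 1:
            findings.append(f"{src} really matches {info['network']} "
                            f"({info['hosts']} addresses), not just {intended_host}")
    return findings


if __name__ == "__main__":
    for finding in audit(BROKEN_SOURCES, "212.74.114.60"):
        print(finding)
    print("intended:", effective_match(INTENDED_SOURCE))
```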

