Hello:

Sundari KuSumam wrote,

> I am trying to put IPtables on a machine connected to cablemodem
> It uses debian2.2 potato with 2.4.14 kernel
>
> here is my script
> #---------BEGIN----------------------------
> #!/bin/sh
> modprobe iptable_nat

Load the connection tracking modules also:

# modprobe ip_conntrack
# modprobe ip_conntrack_ftp
# modprobe ip_conntrack_irc

> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -j MASQUERADE

Allow ESTB and RELATED connections thru the firewall.

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

> I am running squid also. My clients are able to browse But when I try to
> ftp to a site from a client machine I get the following
>
> -------------------- FTP SERVER OUTPUT --------------
>
> maria@debian:~$ ftp arbornet.org
> Connected to arbornet.org.
> 220-Welcome to M-Net's FTP Server
>
> 220 ProFTPD 1.2.0 Server (M-Net Ftpd) [m-net.arbornet.org]
> Name (arbornet.org:maria): chathan
> 331 Password required for chathan.
> Password:
> 230 User chathan logged in.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 500 Illegal PORT command.
> ftp: bind: Address already in use
> ftp>
> ------------------------------------------------------
>
> However the same works perfectly on my gateway

FTP is a more complicated protocol which requires NAT "helpers" to work
properly. Load the extra connection tracking modules. It should now work
from behind the firewall.

> Somebody please help I would like to build a firewall. I am unable to
> properly understand IPtables. Will somebody show how a firewall
> can be constructed step by step

RTFM at http://people.unix-fu.org/andreasson/

--
Shanu

--
Han Solo: Wonderful girl! Either I'm going to kill her or I'm beginning to like her.
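Why the `ls` in the quoted session fails behind MASQUERADE, and what an FTP NAT helper changes, shown as an added Python example that is not part of the original mail. The client address, the gateway address, the port numbers and the `server_accepts` policy are constructed assumptions; the real rewriting is done inside the kernel's FTP helper modules, not in user space.

```python
import ipaddress

def parse_port(line):
    """Parse an RFC 959 'PORT h1,h2,h3,h4,p1,p2' command into (address, port)."""
    verb, _, arg = line.strip().partition(" ")
    fields = arg.split(",")
    if verb.upper() != "PORT" or len(fields) != 6:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(f) for f in fields]
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("field out of range: %r" % line)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]

def format_port(addr, port):
    """Build the PORT command for a given address and TCP port."""
    return "PORT %s,%d,%d" % (str(addr).replace(".", ","), port >> 8, port & 0xFF)

def server_accepts(line, peer_addr):
    """Assumed server policy: the PORT address must equal the source address
    of the control connection, and the port must be unprivileged."""
    addr, port = parse_port(line)
    return addr == ipaddress.IPv4Address(peer_addr) and port >= 1024

def nat_helper_rewrite(line, public_addr, mapped_port):
    """Model of the helper: replace the private address and port in an outbound
    PORT with the gateway's address and a port reserved for the data connection."""
    parse_port(line)  # reject malformed commands instead of rewriting them
    return format_port(ipaddress.IPv4Address(public_addr), mapped_port)

# Constructed sample values (not taken from the mail).
CLIENT_PORT_CMD = "PORT 192,168,50,10,4,210"  # client 192.168.50.10, port 1234
GATEWAY_PUBLIC = "203.0.113.7"                # documentation-range address
MAPPED_PORT = 40001                           # port the gateway reserves

if __name__ == "__main__":
    # Without a helper only the IP header is masqueraded; the payload still
    # names the private address, so the server sees a mismatch and refuses.
    print(CLIENT_PORT_CMD, "->", server_accepts(CLIENT_PORT_CMD, GATEWAY_PUBLIC))
    fixed = nat_helper_rewrite(CLIENT_PORT_CMD, GATEWAY_PUBLIC, MAPPED_PORT)
    print(fixed, "->", server_accepts(fixed, GATEWAY_PUBLIC))
```

The server's data connection back to the rewritten port is the one that connection tracking classifies as RELATED, which is why the ESTABLISHED,RELATED rule matters for FTP.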
