Following all the recent traffic on this list and others about
ftp and ip masqing I wondered why I could ftp _with_ port perfectly.
Anyhow I upgraded my kernel to 2.2.0 (from 2.0.36) and learnt ipchains
over the last few days.
Following the upgrade I can't ftp, and before you all mail me and
say that I have to use PASV mode, I know. But I don't; I have found the
problem :). Before the upgrade I was inside another firewall, hence little
need for security, so I had input / output default to accept.
Now I am still inside the same firewall but I decided to play with
security a little, so I ported most of the TrinityOS firewall rules over to
ipchains, hence input / output are now deny. I can't ftp with port mode,
hmm, interesting.....
A little thinking and a little bit of tail -f /var/log/messages and I
see connections from the ftp server from port 20 being denied; ah, I have
found the problem. Add this rule to your rule set and port based ftp will
work:

    ipchains -A input -j ACCEPT -y -p tcp -s 0.0.0.0/0 20 -d yourip 1024:65535

or

    ipfwadm -I -a accept -P tcp -S 0.0.0.0/0 20 -D yourip 1024:65535

(no warranty on this one, I don't know ipfwadm very well)

Tim Fletcher
Slowly and surely the unix crept up on the Nintendo user ...
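
Added example, not part of the original post: a small Python model of a first-match input chain with a default DENY policy, showing which packets the ipchains rule above accepts and which still fall through. The addresses, the Packet/Rule classes and the helper names are constructed for illustration, and only TCP is modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset            # TCP flags set on the packet, e.g. {"SYN"}

@dataclass(frozen=True)
class Rule:
    target: str                 # "ACCEPT" or "DENY"
    src_net: str
    sports: tuple               # inclusive (low, high) source port range
    dst_net: str
    dports: tuple               # inclusive (low, high) destination port range
    syn_only: bool = False      # models ipchains -y: SYN set, ACK and FIN clear

    def matches(self, p):
        if self.syn_only and not ("SYN" in p.flags and not p.flags & {"ACK", "FIN"}):
            return False
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1])

def verdict(chain, packet, policy="DENY"):
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

MY_IP = "192.0.2.10"       # constructed stand-in for "yourip"
SERVER = "198.51.100.5"    # constructed FTP server address

# Model of: ipchains -A input -j ACCEPT -y -p tcp -s 0.0.0.0/0 20 -d yourip 1024:65535
FTP_DATA_RULE = Rule("ACCEPT", "0.0.0.0/0", (20, 20), f"{MY_IP}/32",
                     (1024, 65535), syn_only=True)

def syn(sport, dport):
    """Constructed connection-opening packet from the server to this host."""
    return Packet(SERVER, sport, MY_IP, dport, frozenset({"SYN"}))

# The match is on header fields only: no FTP control session is checked, so the
# rule covers every destination port in 1024:65535, and packets after the SYN
# must be accepted by some other rule in the set.
```
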