On Wed, 13 Mar 2002, Matt Cooling wrote:

> Thanks for the link. However, I already understand fully how the
> different FTP modes work. My problem lies with the iptables
> configuration required to implement this. I've tried using the RELATED
> rule below, but this doesn't seem to work.

> > Chain INPUT (policy DROP)
> > target     prot opt source               destination
> > ACCEPT     tcp  --  <internal gateway>   anywhere             tcp dpt:ssh
> > ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
> > ACCEPT     udp  --  <dns server>         anywhere             udp spt:domain
> >
> > I now want to give FTP access to specific IP addresses for
> > uploading content. I started using the following rules:
> >
> > iptables -A INPUT -p tcp -s <ftp client> --dport ftp -j ACCEPT
> > iptables -A INPUT -p tcp -s <ftp client> --dport ftp-data -j ACCEPT

It seems to me you add rules to the INPUT chain only.
However there are outgoing packets as well, which never enter the INPUT.
You should add the appropriate rules to the OUTPUT chain as well.

Regards,
Jozsef
-
E-mail  : [EMAIL PROTECTED], [EMAIL PROTECTED]
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
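A rule set that covers both directions of an FTP session, as an added example that is not part of the original thread. It assumes the 2002-era ip_conntrack_ftp helper and the "state" match, and 192.0.2.10 is a constructed client address.

```shell
# Added example, not from the thread. Prints an iptables rule set that
# accepts FTP traffic in BOTH chains; the client address is a constructed
# sample and the ip_conntrack_ftp helper is assumed to be available.
ftp_firewall_rules() {
    client="${1:-192.0.2.10}"   # allowed FTP client (constructed sample)
    cat <<EOF
# The FTP connection-tracking helper watches the control session on port 21
# and marks the resulting data connections as RELATED, for active mode
# (server connects out from port 20) and passive mode (client connects in).
modprobe ip_conntrack_ftp
iptables -P INPUT DROP
iptables -P OUTPUT DROP
# Replies and helper-tracked data connections in both directions.
# Rules in INPUT alone are not enough: if the OUTPUT policy is DROP, the
# server's own packets (its SYN/ACK, the active-mode data SYN) never leave.
iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only the named client may open a NEW FTP control connection (port 21).
iptables -A INPUT -p tcp -s $client --dport ftp -m state --state NEW -j ACCEPT
# No separate ftp-data (port 20) rule is needed; the RELATED rules cover it.
# Add further OUTPUT rules for anything else the server itself must initiate.
EOF
}

# Print the rules for review first; pipe into "sh" only once they look right.
ftp_firewall_rules "$@"
```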