Hi,

--On Thursday, 6 June 2002 17:06 +0100 Antony Stone <[EMAIL PROTECTED]> wrote:

> On Thursday 06 June 2002 4:41 pm, Erik Pagel wrote:
>
>> iptables -N ftp
>> iptables -A ftp -p tcp --dport 20:21 -o $I_EXTERN -j ACCEPT
>> iptables -A ftp -p tcp --sport 20:21 -i $I_EXTERN -m state --state ESTABLISHED,RELATED -j ACCEPT
>> iptables -A ftp -p tcp --dport 20:21 -i $I_EXTERN -m state --state NEW,INVALID -j LOG --log-level warning --log-prefix "DROP:FTP Incomming"
>> iptables -A ftp -p tcp --dport 20:21 -i $I_EXTERN -m state --state NEW,INVALID -j DROP
>
>> iptables -A INPUT -j ftp
>> iptables -A OUTPUT -j ftp
>> iptables -A FORWARD -j ftp
>
> That is a very strange set of rules to try applying to all three of
> INPUT, FORWARD and OUTPUT chains !
>
> Please can you tell us whether you are trying to ftp from this machine
> with the netfilter rules on, or is the netfilter machine acting as a
> router between the ftp client and server ?

Both, I want to send files from this machine and this machine also acts as a
router for my internal network. That is the reason why I apply the rules to
all three chains.

>
> Antony.
>

bye
Erik
