Re: iptables, ftp and dnat?

2008-12-09 Thread Adam Hardy
Robert L. Harris on 05/12/08 20:35, wrote: Can I suggest something like this # one catch all for all related and established connections # as defined by connection tracking iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT ipta

Re: iptables, ftp and dnat?

2008-12-07 Thread Anoop Aryal
> > It hangs after ls? Sounds like your data traffic gets jammed > > somehow. > > I know I'm jumping in halfway thru the conversation so this might have already been mentioned. But you may want to check if the firewall is blocking ICMP packets preventing PMTU being figured out correctly. The scen

Re: iptables, ftp and dnat?

2008-12-07 Thread Robert L. Harris
Tommy Bongaerts wrote: > On Fri, Dec 05, 2008 at 03:30:19PM -0700, Robert L. Harris wrote: > >> I've read both of those and understand how the ftp works. I've >> spent the last 2 days googling. Unfortunately it's all working >> now except how to get

Re: iptables, ftp and dnat?

2008-12-06 Thread Tommy Bongaerts
On Fri, Dec 05, 2008 at 03:30:19PM -0700, Robert L. Harris wrote: > I've read both of those and understand how the ftp works. I've > spent the last 2 days googling. > Unfortunately it's all working now except how to get the iptables data > connection in passive > mode working. I can log in, e

Re: iptables, ftp and dnat?

2008-12-06 Thread Alex Samad
On Fri, Dec 05, 2008 at 03:30:19PM -0700, Robert L. Harris wrote: [snip] > > > >> here is another link > >> http://www.cyberciti.biz/faq/iptables-open-ftp-port-21/ (again > > google). > > > > > >> My strength is in iptables not ftp (which is the reason for > > googling :) ) > > > >> Also anything

Re: iptables, ftp and dnat?

2008-12-05 Thread Robert L. Harris
Alex Samad wrote: > Hi > > You should try and keep this on list Sorry, hit reply instead of reply all. > > > Alex > > > On Fri, Dec 05, 2008 at 02:17:42PM -0700, Robert L. Harris wrote: > > > >> [snip] > > I've updated my rules to this: # # allow

Re: iptables, ftp and dnat?

2008-12-05 Thread Alex Samad
Hi You should try and keep this on list Alex On Fri, Dec 05, 2008 at 02:17:42PM -0700, Robert L. Harris wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > [snip] > > I've updated my rules to this: > # # allow ftpd > HARVARD="10.1.1.32" > /sbin/modprobe nf_conntrack_ftp >

Re: iptables, ftp and dnat?

2008-12-05 Thread Glenn English
>> iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT > > Commenting it out, everything looks good until after I log in and try > to do an "ls" when it returns: > ftp> ls > 227 Entering Passive Mode (10,1,1,32,205,208). > > Then nothing

Re: iptables, ftp and dnat?

2008-12-05 Thread Alex Samad
On Fri, Dec 05, 2008 at 01:35:25PM -0700, Robert L. Harris wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > > Alex Samad wrote: > > On Fri, Dec 05, 2008 at 10:35:47AM -0700, Robert L. Harris wrote: > > > > Help... I have the following in my firewall startup script: > > > > /sbin/

Re: iptables, ftp and dnat?

2008-12-05 Thread Robert L. Harris
Alex Samad wrote: > On Fri, Dec 05, 2008 at 10:35:47AM -0700, Robert L. Harris wrote: > > Help... I have the following in my firewall startup script: > > /sbin/modprobe nf_conntrack_ftp $IPTABLES -A INPUT -p tcp --dport > 21 -m state --state NEW,ES

Re: iptables, ftp and dnat?

2008-12-05 Thread Rob de Graaf
On Fri, 2008-12-05 at 18:35 +0100, Robert L. Harris wrote: > From: > Robert L. Harris > <[EMAIL PROTECTED]> >To: > debian-user@lists.debian.org > > Subject: > iptables, ftp and dnat? >

Re: iptables, ftp and dnat?

2008-12-05 Thread Alex Samad
On Fri, Dec 05, 2008 at 10:35:47AM -0700, Robert L. Harris wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > Help... I have the following in my firewall startup script: > > /sbin/modprobe nf_conntrack_ftp > $IPTABLES -A INPUT -p tcp --dport 21 -m state --state > NEW,ESTABLISHE

Re: iptables, ftp and dnat?

2008-12-05 Thread Robert L. Harris
yes it is and I am successfully routing port 80/http to a different server behind the firewall just fine. S Scharf wrote: > > > On Fri, Dec 5, 2008 at 12:52 PM, S Scharf <[EMAIL PROTECTED] > > wrote: > > > > On Fri, Dec 5,

Re: iptables, ftp and dnat?

2008-12-05 Thread S Scharf
On Fri, Dec 5, 2008 at 12:52 PM, S Scharf <[EMAIL PROTECTED]> wrote: > > > On Fri, Dec 5, 2008 at 12:35 PM, Robert L. Harris < > [EMAIL PROTECTED]> wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> >> Help... I have the following in my firewall startup script: >> >> > > ... > >>

Re: iptables, ftp and dnat?

2008-12-05 Thread S Scharf
On Fri, Dec 5, 2008 at 12:35 PM, Robert L. Harris <[EMAIL PROTECTED] > wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > Help... I have the following in my firewall startup script: > > ... > > I am trying to forward public internet ftp traffic to a machine behind > my firewall.