MASQUERADE problems with non standard FTP ports
Brad Chapman
kakadu_croc@yahoo.com
Thu, 16 Aug 2001 11:10:29 -0700 (PDT)
--- Florent <florent@arcimex.com> wrote:
> Hi,
>
> You must add the RELATED state to:
> IPTABLES -A INPUT -p tcp --sport 1024:65535 --dport 1024:65535 -m state
> --state ESTABLISHED -j ACCEPT
>
> Because passive FTP creates a new connection, your rule only accepts
> ESTABLISHED packets and no SYN.
>
> Florent
>
Mr. Florent,
That might work, but a better way is to do it through conntrack.
Load ip_conntrack_ftp and ip_nat_ftp with the ports= argument specifying
the ports you want to track, then simply match ESTABLISHED,RELATED on the
FTP ports.
Brad
=====
Brad Chapman
Permanent e-mail: kakadu_croc@yahoo.com
Current e-mail: kakadu@adelphia.net
Reply to the address I used in the message to you,
please!
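
The conntrack approach described in the reply above, written out as an added example (not part of the original message and not netfilter project code). It validates a port list and prints the module loads and rules without running them. The FORWARD chain, the sample ports 21 and 2121, the 8-port limit, and the function names `valid_port` and `ftp_helper_cmds` are assumptions.

```shell
#!/bin/sh
# Added example: print (do not run) helper and rule commands for FTP on custom ports.
# Assumptions: FORWARD chain; module names as given in the message above.
MAX_HELPER_PORTS=8   # assumed upper bound on the ports= list

# valid_port PORT: succeeds only for a plain decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;   # empty, non-digit, or leading zero
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# ftp_helper_cmds "21,2121": prints one command per line, or fails on bad input.
ftp_helper_cmds() {
    list="" count=0
    case "$1" in
        *[!0-9,]*) echo "invalid port list: $1" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for p in $1; do
        if ! valid_port "$p"; then
            IFS=$old_ifs
            echo "invalid port: '$p'" >&2
            return 1
        fi
        list="${list:+$list,}$p"
        count=$((count + 1))
    done
    IFS=$old_ifs
    if [ "$count" -lt 1 ] || [ "$count" -gt "$MAX_HELPER_PORTS" ]; then
        echo "need 1..$MAX_HELPER_PORTS ports, got $count" >&2
        return 1
    fi
    # Both helpers get the same list so connection tracking and NAT agree.
    echo "modprobe ip_conntrack_ftp ports=$list"
    echo "modprobe ip_nat_ftp ports=$list"
    # Only the FTP control ports are opened for NEW connections.
    IFS=,
    for p in $list; do
        echo "iptables -A FORWARD -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    IFS=$old_ifs
    # Data connections are admitted as RELATED once the helper has seen them.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

ftp_helper_cmds "21,2121"   # constructed sample ports
```

Review the printed commands before running them as root; unlike a blanket high-port ACCEPT, the only NEW traffic this admits is to the listed control ports.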