Second query re: port command/links

Henri J. Schlereth henris@bga.com
Wed, 27 Jun 2001 07:46:01 -0500 (CDT)


I can't seem to get links to (e.g. ftp://ftp.isc.org). It doesn't do
passive ftp. I do have the conntrack_ftp and nat_ftp modules loaded
but get a port command failed.

Included is my iptables-save contents.
Can anyone tell what I might be missing for non-passive ftp?

# Generated by iptables-save v1.2.1a on Tue Jun 26 02:14:55 2001
*nat
:PREROUTING ACCEPT [13:2834]
:POSTROUTING ACCEPT [64:4836]
:OUTPUT ACCEPT [64:4836]
[0:0] -A PREROUTING -s 192.168.0.0/255.255.0.0 -i ppp0 -j DROP 
[0:0] -A PREROUTING -s 10.0.0.0/255.0.0.0 -i ppp0 -j DROP 
[0:0] -A PREROUTING -s 172.16.0.0/255.240.0.0 -i ppp0 -j DROP 
[0:0] -A POSTROUTING -o ppp0 -j MASQUERADE 
COMMIT
# Completed on Tue Jun 26 02:14:55 2001
# Generated by iptables-save v1.2.1a on Tue Jun 26 02:14:55 2001
*mangle
:PREROUTING ACCEPT [7081:524647]
:OUTPUT ACCEPT [4987:499909]
COMMIT
# Completed on Tue Jun 26 02:14:55 2001
# Generated by iptables-save v1.2.1a on Tue Jun 26 02:14:55 2001
*filter
:INPUT ACCEPT [6481:480065]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4949:496209]
:allowed - [0:0]
:icmp_packets - [0:0]
:tcp_packets - [0:0]
:udp_packets - [0:0]
[0:0] -A INPUT -i ppp0 -p icmp -j icmp_packets 
[0:0] -A INPUT -i ppp0 -p tcp -j tcp_packets 
[0:0] -A INPUT -i ppp0 -p udp -j udp_packets 
[3:725] -A INPUT -d 192.168.1.255 -i eth0 -j ACCEPT 
[0:0] -A INPUT -d 127.0.0.1 -j ACCEPT 
[591:43046] -A INPUT -d 192.168.1.0/255.255.255.0 -j ACCEPT 
[0:0] -A INPUT -d 192.168.1.1 -m state --state RELATED,ESTABLISHED -j ACCEPT 
[0:0] -A FORWARD -i eth0 -j ACCEPT 
[0:0] -A FORWARD -i lo -j ACCEPT 
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
[0:0] -A OUTPUT -s 127.0.0.1 -j ACCEPT 
[38:3700] -A OUTPUT -s 192.168.1.0/255.255.255.0 -j ACCEPT 
[0:0] -A OUTPUT -s 192.168.1.1 -j ACCEPT 
[0:0] -A allowed -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A allowed -p tcp -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT 
[0:0] -A allowed -p tcp -j DROP 
[0:0] -A icmp_packets -p icmp -m icmp --icmp-type 0 -j ACCEPT 
[0:0] -A icmp_packets -p icmp -m icmp --icmp-type 3 -j ACCEPT 
[0:0] -A icmp_packets -p icmp -m icmp --icmp-type 5 -j ACCEPT 
[0:0] -A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT 
[0:0] -A tcp_packets -p tcp -m tcp --dport 20 -j ACCEPT 
[0:0] -A tcp_packets -p tcp -m tcp --dport 21 -j ACCEPT 
[0:0] -A tcp_packets -p tcp -m tcp --dport 22 -j ACCEPT 
[0:0] -A tcp_packets -p tcp -m tcp --dport 80 -j ACCEPT 
[0:0] -A tcp_packets -p tcp -m tcp --dport 113 -j ACCEPT 
[0:0] -A udp_packets -p udp -m udp --sport 20 -j ACCEPT 
[0:0] -A udp_packets -p udp -m udp --sport 21 -j ACCEPT 
[0:0] -A udp_packets -p udp -m udp --sport 53 -j ACCEPT 
[0:0] -A udp_packets -p udp -m udp --sport 123 -j ACCEPT 
COMMIT
# Completed on Tue Jun 26 02:14:55 2001

TIA,
Henri


-- 
"Dangerous is the man who accepts his own mortality."
--The Cynic's Book of Wisdom