Yet another FTP hell .....
Giorgio A.
jh@libero.it
Sat, 12 Jan 2002 10:58:39 +0100
Hi everyone,
I have two identical firewalls with Slackware 8 and kernel 2.4.17 using
iptables, connected to the Internet through 2 different ADSL routers.
These are the modules loaded:
iptable_filter 1728 0 (autoclean) (unused)
ip_nat_ftp 3216 0 (unused)
ip_conntrack_ftp 3376 0 [ip_nat_ftp]
iptable_nat 14384 1 [ip_nat_ftp]
ip_tables 11104 4 [iptable_filter iptable_nat]
ip_conntrack 14768 2 [ip_nat_ftp ip_conntrack_ftp iptable_nat]
8139too 12608 2
This is my (simple) ruleset:
# Generated by iptables-save v1.2.2 on Fri Nov 16 23:44:19 2001
*filter
:INPUT ACCEPT [1230:111982]
:FORWARD ACCEPT [4148:2439091]
:OUTPUT ACCEPT [1026:192223]
-A INPUT -i eth1 -p tcp -m tcp --dport 322 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 110 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 25 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 53 -j DROP
-A INPUT -i eth1 -p udp -m udp --dport 53 -j DROP
COMMIT
# Completed on Fri Nov 16 23:44:19 2001
# Generated by iptables-save v1.2.2 on Fri Nov 16 23:44:19 2001
*nat
:PREROUTING ACCEPT [221:13175]
:POSTROUTING ACCEPT [13:1106]
:OUTPUT ACCEPT [98:7207]
-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.2
COMMIT
# Completed on Fri Nov 16 23:44:19 2001
Why doesn't FTP between these 2 boxes work?
Active mode cannot work, OK, but why does passive answer me
227 Entering Passive Mode (10,0,0,5,171,188).
and then time out?
Please help me.
Have a nice day,
Giorgio