This:

    iptables -A FORWARD -i internal-interface -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -j DROP

doesn't seem to work for active-ftp .. I even manually loaded ip_conntrack_ftp, but as you see it is unused:

    # lsmod
    Module                  Size  Used by    Not tainted
    ip_conntrack_ftp        4272   0  (unused)
    iptable_nat            17468   0  (autoclean) (unused)
    ipt_state                568   3  (autoclean)
    ip_conntrack           20616   3  (autoclean) [ip_conntrack_ftp iptable_nat ipt_state]
    ipt_LOG                 3352   1  (autoclean)
    ipt_limit               1016   1  (autoclean)
    iptable_filter          1708   1  (autoclean)
    ip_tables              12408   7  [iptable_nat ipt_state ipt_LOG ipt_limit iptable_filter]
    ......

Any idea why it doesn't work...
passive-ftp is ok.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> If you use nat try to load ip_nat_ftp.
>
> cu thomas

No, I'm not using nat.

Hi,

> # lsmod
> Module                  Size  Used by    Not tainted
> ip_conntrack_ftp        4272   0  (unused)
> iptable_nat            17468   0  (autoclean) (unused)
> ipt_state                568   3  (autoclean)
> ip_conntrack           20616   3  (autoclean) [ip_conntrack_ftp iptable_nat ipt_state]
> ipt_LOG                 3352   1  (autoclean)
> ipt_limit               1016   1  (autoclean)
> iptable_filter          1708   1  (autoclean)
> ip_tables              12408   7  [iptable_nat ipt_state ipt_LOG ipt_limit iptable_filter]

If you use nat try to load ip_nat_ftp.

cu thomas

> ......
>
> any idea why it doesn't work...
> passive-ftp is ok.

--
Thomas Braun
WESTEND GmbH | Internet-Business-Provider
Technik
CISCO Systems Partner - Authorized Reseller
Lütticher Straße 10       Tel 0241/701333-17
tb@westend.com
D-52064 Aachen            Fax 0241/911879
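
Added example (not part of the thread and not kernel code): a toy Python model of why the three FORWARD rules in the original post depend on an FTP conntrack helper for active FTP. In active mode the client announces its data address in a PORT command and the server opens the data connection inbound, so only a tracker that has read that command can classify the connection as RELATED. The addresses, the interface name `external-interface` and all class and function names are constructed for illustration.

```python
import re

PORT_RE = re.compile(r"^PORT (\d{1,3})" + r",(\d{1,3})" * 5 + r"\s*$", re.I)

def parse_port(line):
    """Return (ip, port) announced by an FTP PORT command, else None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class Tracker:
    """Toy connection tracker; ftp_helper models ip_conntrack_ftp doing its job."""
    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper
        self.expected = set()  # (server_ip, client_ip, client_port)

    def control_payload(self, client_ip, server_ip, line):
        # Only a helper that reads the control channel can learn the data port.
        ann = parse_port(line) if self.ftp_helper else None
        # This model trusts an announcement only for the client's own address.
        if ann and ann[0] == client_ip:
            self.expected.add((server_ip, ann[0], ann[1]))

    def state_of_new(self, src_ip, dst_ip, dst_port):
        hit = (src_ip, dst_ip, dst_port) in self.expected
        return "RELATED" if hit else "NEW"

def forward_verdict(in_iface, state):
    """The three FORWARD rules from the post, evaluated in order."""
    if in_iface == "internal-interface":
        return "ACCEPT"
    if state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    return "DROP"

def active_ftp_data_verdict(ftp_helper):
    """Verdict for the server-initiated data connection of an active transfer."""
    client, server = "10.0.0.5", "203.0.113.7"  # constructed addresses
    t = Tracker(ftp_helper)
    t.control_payload(client, server, "PORT 10,0,0,5,19,137\r\n")  # port 5001
    state = t.state_of_new(server, client, 5001)
    return forward_verdict("external-interface", state)  # hypothetical name

if __name__ == "__main__":
    for helper in (True, False):
        print("helper active:", helper, "->", active_ftp_data_verdict(helper))
```

In the same model `forward_verdict("internal-interface", "NEW")` returns ACCEPT, which is the passive-mode case: the client opens the data connection itself, so the first rule accepts it without any helper.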