[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] Re: Iptables

To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Subject: [Sheflug] Re: Iptables
From: xxxxx [at] xxxxxxxxxxxxxxxxxxx
Date: Sun, 5 May 2002 12:29:52 +0100
Envelope-to: <shef-lug [at] list.sheflug.org.uk>
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx

>>>>> "Richard" == Richard Ibbotson <richard [at] sheflug.co.uk> writes:

    Richard> Baz Thanks ever so much...

    >> Note that using service names (pop3, smtp etc) in the --sport
    >> and --dport fields is a valid substitution for port numbers.

    Richard> One last thing.  I promise I'll go away to the
    Richard> Hillsborough Hotel and have a beer after this...  ftp ...
    Richard> is this one right or wrong ?  Always get ftp wrong....

    Richard> # # ftp # iptables -A FORWARD -i eth0 -o ppp0 -p tcp \ -s
    Richard> 192.168.1.0/24 --dport 21 \ -m state --state NEW,
    Richard> RELATED, ESTABLISHED \ -j ACCEPT

I'm not completely sure about FTP myself :-)

My firewall setup lets most things out, nothing new in, and uses --state
RELATED,ESTABLISHED to handle stuff coming back in that I've requested.

FTP isn't the most straight forward of protocols, what with the data
and control connections.

Netfilter/iptables uses the ip_conntrack_ftp module to do connection
tracking on FTP - I'm not sure if just specifying --dport ftp is
enough - you'll need to see netfilter.samba.org or google for that.

Cheers.

Baz.

-- 
Barrie J. Bremner		OpenPGP public key ID: F78CEE08
baz [at] barriebremner.com	http://barriebremner.com/

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

References:
- [Sheflug] Iptables
  - From: Richard Ibbotson
- [Sheflug] Re: Iptables
  - From: Richard Ibbotson
- [Sheflug] Re: Iptables
  - From: Barrie Bremner
- [Sheflug] Re: Iptables
  - From: Richard Ibbotson

Prev by Date: RE: [Sheflug] Re: Iptables
Next by Date: RE: [Sheflug] Re: Iptables
Previous by thread: [Sheflug] Re: Iptables
Next by thread: [Sheflug] Re: Iptables
Index(es):
- Date
- Thread