FTP, Win-NT, and xFTP

Sturla Holm Hansen sturlahh at online.no
Tue Dec 30 05:57:07 UTC 2003


If you didn't change any firewall-rules when upgrading I don't think
this is your problem, then try using active-mode ftp instead.
Anyway, here's what I did with my firewall....

iptables -A FORWARD -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp \
  --sport 1024:65535 -j ACCEPT

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

These were the commands I used, 192.168.0.0 is my internal network on
eth0.
The first command gives my internal network rights to connect to the
outside with tcp on any port higher than 1024, the second lets
connections back if they are RELATED/ESTABLISHED, iow answers to requests
from the inside.
ssh in to the firewall, and don't forget "service iptables save"
afterwards

Sturla

On Mon, 2003-12-29 at 06:38, Krikket wrote:
> On Tue, 30 Dec 2003, Sturla Holm Hansen wrote:
> 
> > Sounds like a firewall-problem to me, I had the same when setting up
> > iptables for the first time, the solution for me was to open for
> > outgoing connections on ports above 1024 and incoming
> > RELATED/ESTABLISHED on the same ports.
> > The problem is that the ftp-server doesn't communicate on the designated
> > ftp port, it just sets up the session there and then tells your client
> > what port to connect to.
> > Don't know if this solves it for you, but that was the solution when I
> > had the exact same problem.
> 
> Does that mean that some FTP clients are smarter than others, and can work
> around the firewall?
> 
> Hrm.  When I get home, I'll have to poke around with it.  While I can work
> the firewall via lynx, it's a bit kludgy, and I'm not sure what I'm
> doing...  Better to play it safe...
> 
> Krikket
> 
> 
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> 
> 
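Added example, not part of the original messages: a small Python parser for the two FTP control-channel lines that announce the data port (the server's 227 reply in passive mode, the client's PORT command in active mode), showing which side opens the data connection and therefore which firewall rule it has to pass. The function names, addresses and sample lines are constructed for illustration.

```python
import re

# RFC 959 writes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
_ENDPOINT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_endpoint(line):
    """Return (ip, port) announced in a PORT command or 227 reply, else None."""
    m = _ENDPOINT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line, client_ip, server_ip):
    """Describe the data connection that one control-channel line sets up."""
    line = line.strip()
    if line.startswith("227"):              # server's reply to PASV
        mode, initiator, peer = "passive", "client", server_ip
    elif line.upper().startswith("PORT "):  # client's command, active mode
        mode, initiator, peer = "active", "server", client_ip
    else:
        return None
    endpoint = parse_endpoint(line)
    if endpoint is None:
        return None
    ip, port = endpoint
    return {
        "mode": mode,
        "initiator": initiator,  # side that opens the data connection
        "dst_ip": ip,
        "dst_port": port,
        # False when the announced address is not the control-channel peer,
        # e.g. a private address announced from behind NAT.
        "addr_matches_peer": ip == peer,
        # Seen from the internal client's firewall: passive data is a new
        # outbound connection, active data a new inbound one that a RELATED
        # rule accepts only if an FTP conntrack helper read this line.
        "direction": "outbound" if mode == "passive" else "inbound",
    }

# Constructed control-channel lines (not captured traffic)
SAMPLES = ["227 Entering Passive Mode (203,0,113,10,195,80)",
           "PORT 192,168,0,5,4,1", "230 Login successful."]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_connection(s, "192.168.0.5", "203.0.113.10"))
```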




