iptables firewall script

der.hans plug-discuss@lists.plug.phoenix.az.us
Thu, 12 Sep 2002 00:06:10 -0700 (MST)


On 11 Sep 2002, Rick Rosinski chattered thus:

> I guess the last time I sent this message, nobody could help.  I am using a
> Slackware 8.1 system with this firewall script.  I am having trouble with
> GNUTella and receiving information from FTP (I can connect to ftp hosts, but
> I can't receive any data).  I don't want to stop using the firewall, but I
> don't understand much of how to secure my box from intrusion.  The docs seem
> somewhat cryptic.

Have you loaded ip_conntrack_ftp and ip_nat_ftp? Use lsmod to find out, and
modprobe to load them if not. That should be part of your iptables script.

The 'active' ftp client requires an incoming connection, something firewalls
generally try to not allow. ip_nat_ftp should fix your problem for you.

See if you can use passive ftp. See manpages for ncftp and ftp.

ciao,

der.hans
-- 
#  https://www.LuftHans.com/
#  Practice socially conscious hedonism. Do whatever you want,
#  as long as it doesn't hurt anyone else. - der.hans
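
The lsmod/modprobe check suggested in the reply above, written as a fragment for a firewall script. This is an added example, not part of the original message; the function names, the `--load` switch and the sample lsmod text are assumptions made for illustration.

```shell
#!/bin/sh
# FTP helper modules named in the reply (2.4-era names; later kernels
# call them nf_conntrack_ftp and nf_nat_ftp).
FTP_HELPERS="ip_conntrack_ftp ip_nat_ftp"

# Print each helper in $FTP_HELPERS that is absent from the lsmod-format
# text read on stdin (header line skipped, first column = module name).
missing_ftp_helpers() {
    loaded=$(awk 'NR > 1 { print $1 }')
    for mod in $FTP_HELPERS; do
        # -x matches the whole line, so "ip_nat" alone does not count
        # as "ip_nat_ftp"; -F treats the name as a literal string.
        printf '%s\n' "$loaded" | grep -qxF "$mod" || printf '%s\n' "$mod"
    done
}

# Load whatever is missing on the running system; needs root.
load_ftp_helpers() {
    for mod in $(lsmod | missing_ftp_helpers); do
        modprobe "$mod" || { echo "could not load $mod" >&2; return 1; }
    done
}

# Constructed sample: the conntrack helper is loaded, the NAT helper is not.
SAMPLE_LSMOD='Module                  Size  Used by
ip_conntrack_ftp        3200   0 (unused)
ip_conntrack           13000   2 [ip_conntrack_ftp]
ip_tables              10000   1 [iptable_filter]'

# Only touch the running kernel when explicitly asked to.
if [ "${1:-}" = "--load" ]; then
    load_ftp_helpers
fi
```

Running `lsmod | missing_ftp_helpers` prints nothing when both helpers are present, which makes it usable as a check before the script's rules are applied.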