iptables firewall script

Rick Rosinski plug-discuss@lists.plug.phoenix.az.us
Thu, 12 Sep 2002 20:05:56 -0700


ip_conntrack_ftp and ip_nat_ftp worked great.  Thanks.  Is it safe to leave 
those modules loaded, or would it be better to remove them once finished with 
an ftp session?

On Thursday 12 September 2002 12:06 am, der.hans wrote:
> On 11 Sep 2002, Rick Rosinski said:
> > I guess the last time I sent this message, nobody could help.  I am using
> > a Slackware 8.1 system with this firewall script.  I am having trouble
> > with GNUTella and receiving information from FTP (I can connect to ftp
> > hosts, but I can't receive any data).  I don't want to stop using the
> > firewall, but I don't understand much of how to secure my box from
> > intrusion.  The docs seem somewhat cryptic.
>
> Have you loaded ip_conntrack_ftp and ip_nat_ftp? Use lsmod to find out.
> modprobe to load them if not. That should be part of your iptables script.
>
> The 'active' ftp client requires an incoming connection. Something
> firewalls generally try to not allow. ip_nat_ftp should fix your problem
> for you.
>
> See if you can use passive ftp. See manpages for ncftp and ftp.
>
> ciao,
>
> der.hans

-- 
"Beauty is transitory."
"Beauty survives."
		-- Spock and Kirk, "That Which Survives", stardate unknown
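The helper-loading step der.hans describes, written out as an added example script fragment (not code from the thread); it assumes the 2.4-era module names ip_conntrack_ftp and ip_nat_ftp that the thread uses.

```shell
#!/bin/sh
# Added example, not from the thread: the FTP-helper portion of an
# iptables script for a 2.4-era kernel. Assumes the old module names
# ip_conntrack_ftp / ip_nat_ftp; on 2.6+ kernels they are
# nf_conntrack_ftp / nf_nat_ftp.
FTP_HELPERS="ip_conntrack_ftp ip_nat_ftp"

# Print the helper modules that do not appear in the given lsmod output
# (the first column of lsmod is the module name).
missing_helpers() {
    lsmod_out="$1"
    for mod in $FTP_HELPERS; do
        if ! printf '%s\n' "$lsmod_out" |
             awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }'; then
            echo "$mod"
        fi
    done
}

# Load whatever is still missing. Needs root; a no-op if all are loaded.
load_ftp_helpers() {
    for mod in $(missing_helpers "$(lsmod)"); do
        modprobe "$mod" || return 1
    done
}

# Rules: let replies and helper-expected data connections in, and allow
# outbound FTP control connections from this host. Active-mode FTP works
# because the helper marks the server's data connection as RELATED.
ftp_rules() {
    iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
}
```

On kernels from 4.7 onward the helper is no longer attached to port-21 connections automatically; it has to be requested explicitly with the CT target (`-j CT --helper ftp` in the raw table).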