On 3 Jul 2003 at 9:03, Harald Thoeny wrote:

> here is the problem
>
> the ftp is behind the firewall. the whole network is masqueraded.
>
> it is not a problem to connect from outside to the firewall, but if the 'ls'
> command is sent to the server the connection is getting lost
>
> can anyone explain how to set up a professional solution ?
>
Your problem is related to the FTP server, which probably works on "passive" transfer.

SOLUTION:

1) Load the module at the beginning of the firewall script:

   /sbin/modprobe ip_conntrack_ftp

2) Enable forwarding on ports 20 and 21, like:

   /sbin/iptables -A FORWARD -p tcp -m multiport --dports 20,21 -j ACCEPT

   if you forward to another machine; otherwise use the INPUT rule (you should include -s and -o targets for security).

3) Enable passive, like:

   iptables -A FORWARD -p tcp -d 5.6.7.8 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT

This should do.

*****************************************
Alessandro "Formichiere" Bagaglia
Econet S.r.l.
Debian User
*****************************************
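The following firewall script is an added example and is not code from either poster. It goes beyond the rules quoted in the reply to cover the case Harald actually describes, an FTP server on a masqueraded LAN: the public port 21 is DNATed to the server, and ip_nat_ftp is loaded next to ip_conntrack_ftp so that the addresses carried inside PORT and PASV are rewritten across the NAT, which is what lets the data connection behind 'ls' succeed. The interface names (eth0, eth1) and the server address (192.168.1.10) are hypothetical defaults, overridable from the environment; IPT="echo iptables" prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the original thread: iptables rules for an FTP
# server on a masqueraded LAN behind a Linux 2.4 firewall.
# Hypothetical defaults below; override them in the environment.
# Set IPT="echo iptables" (and MODPROBE="echo modprobe") for a dry run.

WAN_IF=${WAN_IF:-eth0}                 # public interface (assumed name)
LAN_IF=${LAN_IF:-eth1}                 # interface toward the LAN (assumed)
FTP_SERVER=${FTP_SERVER:-192.168.1.10} # private address of the FTP server
IPT=${IPT:-/sbin/iptables}
MODPROBE=${MODPROBE:-/sbin/modprobe}

load_ftp_helpers() {
    # ip_conntrack_ftp reads PORT/PASV so the data connection is tracked as
    # RELATED to the control connection. ip_nat_ftp additionally rewrites
    # the IP/port inside those commands when one side is behind NAT; without
    # it the server's PASV reply still carries its private address and the
    # client's data connection (the one 'ls' needs) cannot be established.
    for m in ip_conntrack_ftp ip_nat_ftp; do
        $MODPROBE "$m"
    done
}

base_policy() {
    # Drop everything that is not explicitly allowed through the firewall.
    $IPT -P FORWARD DROP
    # Replies, plus the data connections the helper marks RELATED,
    # in both directions.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Let the LAN out and masquerade it behind the public address.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m state --state NEW -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

ftp_rules() {
    # Control connection: translate port 21 on the public side to the
    # server, then permit exactly that flow in FORWARD. FORWARD is
    # evaluated after PREROUTING NAT, so the destination seen here is
    # already the private address. Matching on interface and destination
    # keeps the rule from admitting anything else.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 21 \
         -j DNAT --to-destination "$FTP_SERVER"
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$FTP_SERVER" \
         --dport 21 -m state --state NEW -j ACCEPT
    # No separate rule for port 20 or for 1024:65535 is needed: the helper
    # tags the data connection (active: from server port 20; passive: to a
    # high port on the server) as RELATED, and base_policy admits it.
}

case "${1:-}" in
    apply)   load_ftp_helpers; base_policy; ftp_rules ;;
    dry-run) IPT="echo iptables"; MODPROBE="echo modprobe"
             load_ftp_helpers; base_policy; ftp_rules ;;
esac
```

Run it as `sh ftp-fw.sh dry-run` first to review the generated rules, then `sh ftp-fw.sh apply` as root. Compared with opening 1024:65535 on the server, relying on the RELATED state keeps the high ports closed to anything the control connection did not announce.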

