On Sun, 26 Aug 2001 19:27:30 +0200 (MEST), thomas anderson wrote:
> ** hi,
> **
> ** recently installed a firewall now ftp doesn't work (i.e. connection times
> ** out)...the line to allow ftp thru iptables doesn't seem to work:
> **
> ** $IPTABLES -A INPUT -p tcp ! --syn --source-port 20 --destination-port 1024
> ** :65535 -j ACCEPT

Isn't the syntax like this: iptables -A INPUT -p tcp ...... ? I have never used $IPTABLES. Then I think this line can't have any effect. As far as I know, --source-port and --destination-port are options from ipchains and will not work with iptables.

I have a super firewall. But iptables is also new to me. My suggestion: read man iptables. And you could try to delete the $ before IPTABLES. If you are lucky, then it will work.

And: you can look into /var/log/messages. All packets that are blocked by the firewall will be logged there if you insert these lines at the end of your rules:

    iptables -A INPUT -j LOG --log-prefix 'DROPOUT:'
    iptables -A FORWARD -j LOG --log-prefix 'DROPOUT:'
    iptables -A OUTPUT -j LOG --log-prefix 'DROPOUT:'

With this log info you can very easily find out which packets can't get through the firewall, and why.

Timo
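
Added example (not part of the original message): a shell function that groups the kernel log entries written by LOG rules with the 'DROPOUT:' prefix by interface, protocol, ports and SYN flag. The log lines, host name and addresses are constructed samples in the iptables LOG line format; summarize_dropout and sample_log are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original message. Summarises kernel log lines
# written by LOG rules that use the 'DROPOUT:' prefix.

# Constructed sample input in the iptables LOG line format (host name,
# addresses and ports are made up).
sample_log() {
    cat <<'EOF'
Aug 26 19:31:02 fw kernel: DROPOUT:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=20 DPT=1042 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 26 19:31:05 fw kernel: DROPOUT:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=20 DPT=1042 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 26 19:31:07 fw kernel: DROPOUT:IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=99 PROTO=UDP SPT=137 DPT=137 LEN=58
Aug 26 19:31:09 fw sshd[412]: session opened for user root
EOF
}

# Reads syslog lines on stdin; prints "<count> in=.. proto=.. spt=.. dpt=.. syn=.."
# for every distinct kind of logged packet, most frequent first.
summarize_dropout() {
    awk '
    /DROPOUT:/ {
        in_if = "-"; proto = "-"; spt = "-"; dpt = "-"; syn = "no"
        for (i = 1; i <= NF; i++) {
            f = $i
            # The prefix has no trailing space, so it is glued to "IN=".
            sub(/^DROPOUT:/, "", f)
            if (f ~ /^IN=/)    in_if = substr(f, 4)
            if (f ~ /^PROTO=/) proto = substr(f, 7)
            if (f ~ /^SPT=/)   spt   = substr(f, 5)
            if (f ~ /^DPT=/)   dpt   = substr(f, 5)
            if (f == "SYN")    syn   = "yes"
        }
        if (in_if == "") in_if = "-"   # empty IN= (locally generated packet)
        key = "in=" in_if " proto=" proto " spt=" spt " dpt=" dpt " syn=" syn
        count[key]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample.
sample_log | summarize_dropout
```

On a live system, feed it the real log instead of the sample: summarize_dropout < /var/log/messages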