> From: Chris Dowling <[EMAIL PROTECTED]>
> 
> Hi folks
> 
> I have a firewall that basically denies everything and only allows certain
> things in, but everything out. 
> 
> The problem I have is with ftp in active mode. I cannot get the data
> channel to open! After reading the ipchains docco, which says to open ports
> 1024 -> 6000; 6010 -> onwards, I was able to use ftp in active mode.
> 
> But not now! I have changed nothing, and ftp in active mode is broken :(
> 
> Anybody got any ideas?
> 
> thanks in advance
> chris

It's been a while since I looked at this and I'm not an ipchains
expert (just spent a few hours one day reading the various HOWTOs),
but here are the relevant lines I've got:

# allow wget to work - return ftp data only  (ftp-data) but only
# through ports 1024-5999 and above 6010 (6000-6010 is for X11)
/sbin/ipchains -A ppp-in -p tcp -s 0/0 ftp-data -d 0/0 0:1023 -j REJECT
/sbin/ipchains -A ppp-in -p tcp -s 0/0 ftp-data -d 0/0 6000:6009 -j REJECT
/sbin/ipchains -A ppp-in -p tcp -s 0/0 ftp-data -d 0/0 1024:5999 -j ACCEPT
/sbin/ipchains -A ppp-in -p tcp -s 0/0 ftp-data -d 0/0 6011: -j ACCEPT

that I think will help you.  Obviously, modify ppp-in to whatever your
input chain is and if you have a static address, use it.

Dave
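To see why an active-mode data channel gets through or not, here is an added illustration (not part of Dave's post or the thread) that parses the client's FTP PORT command, derives the data port, and walks the four rules above with ipchains' first-match semantics. It assumes the chain's default policy is DENY, as Chris's "denies everything" setup implies, and the PORT lines are constructed samples.

```python
"""Simulate how the ipchains ftp-data rules in the post above treat an
active-mode FTP data connection. Added example, not from the thread."""
from dataclasses import dataclass

FTP_DATA = 20            # active-mode data connections come FROM port ftp-data
DEFAULT_POLICY = "DENY"  # assumption: chain policy denies what no rule matches


@dataclass
class Rule:
    proto: str
    sport: tuple          # (lo, hi) inclusive source-port range
    dport: tuple          # (lo, hi) inclusive destination-port range
    target: str


# The four rules from the post, in chain order (6011: means 6011-65535).
CHAIN = [
    Rule("tcp", (20, 20), (0, 1023), "REJECT"),
    Rule("tcp", (20, 20), (6000, 6009), "REJECT"),
    Rule("tcp", (20, 20), (1024, 5999), "ACCEPT"),
    Rule("tcp", (20, 20), (6011, 65535), "ACCEPT"),
]


def parse_port_command(line: str) -> tuple:
    """Parse an FTP 'PORT h1,h2,h3,h4,p1,p2' command into (ip, port)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = [int(x) for x in arg.split(",")]
    if len(fields) != 6 or not all(0 <= f <= 255 for f in fields):
        raise ValueError("malformed PORT argument")
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def verdict(chain, proto, sport, dport):
    """First matching rule wins; otherwise the chain's default policy applies."""
    for r in chain:
        if (r.proto == proto and r.sport[0] <= sport <= r.sport[1]
                and r.dport[0] <= dport <= r.dport[1]):
            return r.target
    return DEFAULT_POLICY


def data_channel_verdict(port_cmd: str) -> tuple:
    """Return (data_port, verdict) for the server's connection back to the client."""
    _, dport = parse_port_command(port_cmd)
    return dport, verdict(CHAIN, "tcp", FTP_DATA, dport)


if __name__ == "__main__":
    # Constructed samples: data ports 1025, 6000, 6010 and 6011.
    for cmd in ("PORT 192,168,1,10,4,1", "PORT 192,168,1,10,23,112",
                "PORT 192,168,1,10,23,122", "PORT 192,168,1,10,23,123"):
        print(cmd, "->", data_channel_verdict(cmd))
```

Note that port 6010 matches neither REJECT nor ACCEPT rule, so it falls through to the default policy; a client that happens to pick that port will see exactly the "data channel won't open" symptom, as will any setup whose input chain is not the one these rules were added to.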

