> I am trying to set a rule for ipchains to allow ftp
> from netscape.  My current policy for input is DENY. 
> Can someone please tell me the minimum port range for
> the source-port to allow for ftp to most sites.

Most browsers use "passive-mode" FTP, for which the client
initiates both the control and data connections, so firewall
configuration is simple.

I just use

$ipchains -A input -i eth1 -p tcp ! -y -j ACCEPT

which permits any incoming TCP packet without the SYN
bit set, that is, which doesn't represent a new connection
request.  In effect, it permits incoming traffic only
if it's part of a connection already requested from the
inside. So passive-mode FTP "just works", along with other
TCP connections initiated from within the firewall, like
HTTP, ssh, etc.

There's a firewall-HOWTO at linuxdoc.org.

Cheers,
Peter Monta   [EMAIL PROTECTED]
Terayon Communication Systems
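
Added example, not part of the original message: a small Python model of the flag test behind `! -y`, run over a constructed passive-mode and active-mode FTP exchange to show which inbound packets the rule accepts. It assumes the ipchains definition of -y (SYN set, ACK and FIN cleared) and the DENY input policy from the question; the function names and packet lists are made up for illustration.

```python
# Illustration only: models the TCP-flag test, not ipchains itself.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def matches_y(flags):
    """ipchains -y: SYN set, ACK and FIN cleared (a new connection request)."""
    return bool(flags & SYN) and not (flags & (ACK | FIN))

def rule_accepts(flags):
    """'-p tcp ! -y -j ACCEPT' accepts every TCP packet that -y does not match."""
    return not matches_y(flags)

# Constructed samples: packets arriving from outside, as (description, flags).
PASSIVE_FTP_INBOUND = [
    ("control: server SYN/ACK from port 21", SYN | ACK),
    ("control: '227 Entering Passive Mode' reply", PSH | ACK),
    ("data: server SYN/ACK from its passive port", SYN | ACK),
    ("data: file contents", ACK),
    ("data: server closes", FIN | ACK),
]
# In active mode the server opens the data connection, so a bare SYN arrives.
ACTIVE_FTP_INBOUND = [
    ("data: server SYN from port 20 to the client's PORT address", SYN),
]

def verdicts(packets):
    """Return (description, verdict); unmatched packets fall to the DENY policy."""
    return [(d, "ACCEPT" if rule_accepts(f) else "DENY") for d, f in packets]

# The test is stateless: it reads flags only and keeps no connection table,
# so any non-SYN segment is accepted whether or not an inside host opened
# the connection it claims to belong to.

if __name__ == "__main__":
    for label, packets in (("passive", PASSIVE_FTP_INBOUND),
                           ("active", ACTIVE_FTP_INBOUND)):
        for desc, verdict in verdicts(packets):
            print(f"{label:8} {verdict:6} {desc}")
```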

