> I am trying to set a rule for ipchains to allow ftp
> from netscape. My current policy for input is DENY.
> Can someone please tell me the minimum port range for
> the source-port to allow for ftp to most sites.

Most browsers use "passive-mode" FTP, for which the client
initiates both control and data connections, so firewall
configuration is simple.

I just use

    $ipchains -A input -i eth1 -p tcp ! -y -j ACCEPT

which permits any incoming TCP packet without the SYN
bit set, that is, which doesn't represent a new connection
request. In effect, it permits incoming traffic only
if it's part of a connection already requested from the
inside. So passive-mode FTP "just works", along with other
TCP connections initiated from within the firewall, like
HTTP, ssh, etc.

There's a firewall-HOWTO at linuxdoc.org.

Cheers,
Peter Monta [EMAIL PROTECTED]
Terayon Communication Systems
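
The following is an added example, not part of the original message: a small Python model of how the "! -y" rule above, followed by the DENY input policy, judges TCP headers by their flags alone. The packets, ports and function names are constructed for illustration, and the model assumes the ipchains definition of -y (SYN set, ACK and FIN clear).

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def tcp_header(sport, dport, flags, seq=0, ack=0):
    """Build a constructed 20-byte TCP header (no options, checksum left 0)."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words, then flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, 65535, 0, 0)

def flags_of(header):
    """Extract the six classic flag bits from bytes 12-13 of the header."""
    return struct.unpack("!H", header[12:14])[0] & 0x3F

def matches_y(flags):
    """Assumed ipchains -y semantics: SYN set, ACK and FIN clear."""
    return bool(flags & SYN) and not flags & (ACK | FIN)

def input_verdict(header):
    """Model of '-p tcp ! -y -j ACCEPT' with the chain policy DENY behind it."""
    return "DENY" if matches_y(flags_of(header)) else "ACCEPT"

# Constructed inbound packets as seen on the outside interface.
SAMPLES = {
    # Replies to connections the inside client opened (control, then passive data).
    "control SYN-ACK from server:21": tcp_header(21, 40001, SYN | ACK),
    "passive data SYN-ACK from server:50123": tcp_header(50123, 40002, SYN | ACK),
    "passive data payload": tcp_header(50123, 40002, PSH | ACK),
    "passive data close": tcp_header(50123, 40002, FIN | ACK),
    # Active-mode FTP: the server opens the data connection itself, so the
    # first inbound packet is a bare SYN and falls through to the policy.
    "active data SYN from server:20": tcp_header(20, 40003, SYN),
    # The rule keeps no connection table: it decides on flags only, so an
    # ACK segment is accepted whether or not a connection exists behind it.
    "ACK with no prior connection": tcp_header(80, 40004, ACK),
}

def verdicts():
    """Return {description: verdict} for every constructed sample packet."""
    return {name: input_verdict(hdr) for name, hdr in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:6} {name}")
```

A stateful filter that tracks connections would tell the last sample apart from the replies above it; this rule cannot.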