Eric Gaumer <[EMAIL PROTECTED]> writes:
> Nevermind, I'm an idiot... I never knew the ip_nat_ftp module existed.
> Once I inserted this things started working with active FTP.
>
> Man you can't believe how much time I spent fooling around with this. I
> just assumed active didn't work on a nat'ed
On Tue, 2004-08-17 at 08:06, John L Fjellstad wrote:
> Eric Gaumer <[EMAIL PROTECTED]> writes:
>
> > Then you have a bunch of high end ports open. Connection tracking
> > doesn't work with active FTP because it is a server initiated
> > connection.
>
> Check out the iptables documentation page.
On Tue, 2004-08-17 at 08:06, John L Fjellstad wrote:
> Eric Gaumer <[EMAIL PROTECTED]> writes:
> Check out the iptables documentation page.
> "RELATED
>
> A packet which is related to, but not part of, an existing
> connection, such as an ICMP error, or (with the FTP module
> inserted)
Eric Gaumer <[EMAIL PROTECTED]> writes:
> Then you have a bunch of high end ports open. Connection tracking
> doesn't work with active FTP because it is a server initiated
> connection.
Check out the iptables documentation page.
"RELATED
A packet which is related to, but not part of, an exi
On Sat, 2004-08-14 at 01:19, John Summerfield wrote:
> >You have to use passive FTP for connection tracking to work. If you use
> >active then the connection tracking module wont be able to follow the
> >connection.
> >
> >
>
> My firewall is a Powermac running Woody plus shorewall.
> As you ca
Clement <[EMAIL PROTECTED]> writes:
> And I cannot do ftp. All the data mode traffic of FTP are blocked.
> Apparently the ESTABLISHED,RELATED specification is not followed. The
> module ipt_state is there and executing the above does not show any
> error message. I have tried "modprobe ipt_stat
Eric Gaumer wrote:
On Fri, 2004-08-13 at 09:20, Clement wrote:
And I cannot do ftp. All the data mode traffic of FTP are blocked.
Apparently the ESTABLISHED,RELATED specification is not followed. The
module ipt_state is there and executing the above does not show any
error message. I have
Martin Theiß wrote:
Clement <[EMAIL PROTECTED]> wrote on Friday, 13. August 2004 (18:20):
I have this in the iptables setup:
$ADD INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$ADD INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
$ADD OUTPUT -p tcp -m state --sta
On Fri, 2004-08-13 at 13:23, s. keeling wrote:
> Incoming from Eric Gaumer:
> > On Fri, 2004-08-13 at 12:46, s. keeling wrote:
> > > > On what FTP client? I have 0.17-12 and passive is not the default mode
> > >
> > > Good question.
> >
> > [EMAIL PROTECTED]:(~)$ dpkg -l ftp
> > ii ftp
Incoming from Eric Gaumer:
> On Fri, 2004-08-13 at 12:46, s. keeling wrote:
> > > On what FTP client? I have 0.17-12 and passive is not the default mode
> >
> > Good question.
>
> [EMAIL PROTECTED]:(~)$ dpkg -l ftp
> ii ftp0.17-12
On Fri, 2004-08-13 at 12:46, s. keeling wrote:
> > On what FTP client? I have 0.17-12 and passive is not the default mode
>
> Good question.
>
> (0) keeling /home/keeling_ COLUMNS=110 dpkg -l | grep ftp
> [snip]
> ii lftp 2.4.9-1woody2 Sophisticated command-line FTP/HTTP client programs
>
Incoming from Eric Gaumer:
> On Fri, 2004-08-13 at 12:04, s. keeling wrote:
> > Incoming from Eric Gaumer:
> > > On Fri, 2004-08-13 at 09:20, Clement wrote:
> > > >
> > > > And I cannot do ftp. All the data mode traffic of FTP are blocked.
> > >
> > > You have to use passive FTP for connection
On Fri, 2004-08-13 at 12:04, s. keeling wrote:
> Incoming from Eric Gaumer:
> > On Fri, 2004-08-13 at 09:20, Clement wrote:
> > >
> > > And I cannot do ftp. All the data mode traffic of FTP are blocked.
> >
> > You have to use passive FTP for connection tracking to work. If you use
>
> I was
Incoming from Eric Gaumer:
> On Fri, 2004-08-13 at 09:20, Clement wrote:
> >
> > And I cannot do ftp. All the data mode traffic of FTP are blocked.
>
> You have to use passive FTP for connection tracking to work. If you use
I was going to mention that but:
-p Enable passive mode o
On Fri, 2004-08-13 at 09:20, Clement wrote:
>
> And I cannot do ftp. All the data mode traffic of FTP are blocked.
> Apparently the ESTABLISHED,RELATED specification is not followed. The
> module ipt_state is there and executing the above does not show any
> error message. I have tried "mod
15 matches
Mail list logo
