LinuxQuestions.org


paradoxlight 03-24-2003 10:39 PM

Connection tracking for Active FTP
 
I am trying to get Active FTP through my firewall. (I know that Passive works, but in this circumstance I can't due to limitations of the project.)

What I am wondering is if the connection tracking will work for a workstation behind my Redhat 8 gateway server.

No matter what I try, I can't get workstations behind it to do Active FTP connections. These are the basics that I have tried:


iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --dport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -p tcp --dport 21 -m state --state ESTABLISHED,RELATED
iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state ESTABLISHED -j ACCEPT

Any ideas?

unSpawn 03-25-2003 03:18 AM

AFAIK, with *passive* ftp, the client makes the data connection (>1024) to the server (>1024), and in *active* mode, the ftp server makes the data connection (=20) to the client (>1024).
So AFAIK you're missing a state NEW from the server, cuz it'll send the SYN.

Someone correct me if I'm whorrabwy wonk.
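
A ruleset for the case discussed in this thread, as an added example that is not part of either post: the FTP conntrack helper reads the control channel and marks the server's port-20 data connection RELATED, so the FORWARD chain can admit it without a blanket NEW rule. The interface names, the `run` dry-run wrapper and the `APPLY` variable are assumptions; the module names are those of 2.4 kernels such as the one in Red Hat 8.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are assumptions.
LAN_IF="${LAN_IF:-eth1}"   # assumed: interface facing the workstations
WAN_IF="${WAN_IF:-eth0}"   # assumed: interface facing the FTP server

# Print each command by default; set APPLY=1 (as root) to execute it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$@"; fi
}

active_ftp_rules() {
    # Helper that parses PORT commands on the control channel and creates
    # the expectation that makes the data connection RELATED.
    # (Later kernels name these nf_conntrack_ftp and nf_nat_ftp.)
    run modprobe ip_conntrack_ftp
    # Needed when the gateway NATs the workstations: rewrites the private
    # address the client announces in its PORT command.
    run modprobe ip_nat_ftp

    # Control channel: only the inside client may open it.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport 21 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp --sport 21 \
        -m state --state ESTABLISHED -j ACCEPT

    # Active-mode data channel: the server's SYN from port 20 is accepted
    # only if the helper expected it (RELATED), never as plain NEW.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp --sport 20 \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport 20 \
        -m state --state ESTABLISHED -j ACCEPT
}

active_ftp_rules
```

If the helper module is not loaded, the inbound port-20 SYN matches no RELATED expectation and is dropped by a default-deny FORWARD policy, which is the symptom described in the question.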

