LinuxQuestions.org
Old 03-24-2003, 10:39 PM   #1
paradoxlight
Connection tracking for Active FTP


I am trying to get Active FTP through my firewall. (I know that Passive works, but in this circumstance I can't use it due to limitations of the project.)

What I am wondering is if the connection tracking will work for a workstation behind my Redhat 8 gateway server.

No matter what I try, I can't get workstations behind it to do Active FTP connections. These are the basics that I have tried:


iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --dport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -p tcp --dport 21 -m state --state ESTABLISHED,RELATED
iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state ESTABLISHED -j ACCEPT

Any ideas?
 
Old 03-25-2003, 03:18 AM   #2
unSpawn
AFAIK, with *passive* ftp, the client makes the data connection (>1024) to the server (>1024), and in *active* mode, the ftp server makes the data connection (=20) to the client (>1024).
So AFAIK you're missing a state NEW from the server, cuz it'll send the SYN.

Someone correct me if I'm whorrabwy wonk.
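
Added example (not part of the thread, and not either poster's code): a small Python model of what an FTP connection-tracking helper does with an active-mode PORT command, showing how the server's SYN from port 20 to the client's high port can be matched as RELATED instead of NEW. The addresses are constructed, NAT is ignored, and the names `Expectation`, `expect_from_port` and `classify_syn` are hypothetical.

```python
import re
from typing import NamedTuple, Optional, Set

class Expectation(NamedTuple):
    """Data connection the tracker expects after seeing PORT (source port not pinned)."""
    server_ip: str
    client_ip: str
    client_port: int

# PORT h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, port p1*256 + p2
PORT_RE = re.compile("PORT " + ",".join([r"(\d{1,3})"] * 6), re.IGNORECASE)

def expect_from_port(line: str, client_ip: str, server_ip: str) -> Optional[Expectation]:
    """Turn a control-channel line into an expectation, or None if it is not usable."""
    m = PORT_RE.fullmatch(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    announced_ip = ".".join(str(n) for n in nums[:4])
    # Policy of this example: ignore a PORT that names a host other than the
    # client itself, so the control channel cannot open holes to third parties.
    if announced_ip != client_ip:
        return None
    return Expectation(server_ip, announced_ip, nums[4] * 256 + nums[5])

def classify_syn(src_ip: str, dst_ip: str, dst_port: int,
                 expected: Set[Expectation]) -> str:
    """State assigned to a SYN that belongs to no existing connection."""
    key = Expectation(src_ip, dst_ip, dst_port)
    if key in expected:
        expected.remove(key)   # an expectation is consumed by its first match
        return "RELATED"
    return "NEW"

if __name__ == "__main__":
    client, server = "192.168.1.10", "203.0.113.5"   # constructed addresses
    expected = set()
    exp = expect_from_port("PORT 192,168,1,10,19,137\r\n", client, server)
    if exp:
        expected.add(exp)
    print(exp)
    print(classify_syn(server, client, 5001, expected))  # announced data port
    print(classify_syn(server, client, 5002, expected))  # port never announced
```

On a Linux gateway this role is played by the kernel's FTP conntrack helper module, and a filter rule matching state RELATED then covers only data connections that were announced on the control channel.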
 
  

