Connection tracking for Active FTP
I am trying to get Active FTP through my firewall. (I know that Passive works, but in this circumstance I can't use it due to limitations of the project.)
What I am wondering is if the connection tracking will work for a workstation behind my Redhat 8 gateway server.
No matter what I try, I can't get workstations behind it to do Active FTP connections. These are the basics that I have tried:
iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --dport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport 21 -m state --state ESTABLISHED,RELATED
iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state ESTABLISHED -j ACCEPT
Any ideas?