Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I have a home network set up consisting of a Linux computer as firewall, then into a switch that my other home computers are connected to.
Internet --> |Linux box| --> switch --> My other computers
What I'm trying to do is host an FTP server on one of my other computers. As I have figured, I should only need to enable port forwarding for the appropriate port?
I have already tried that.
I read somewhere that the order you enter stuff into iptables matters, and maybe there is some stuff in my firewall script that needs to come after the routing?
Well, thanks for the reply. Does anyone else know something that can help me, or somewhere I can read more about it?
Hmm, didn't quite follow that. Use -m conntrack --ctstate where?
Am I getting you correctly if you mean that the data flow is on other ports than 21 and they too need to be routed, and that's where these things come in to help me find those higher ports?
-m conntrack will let you keep state for the ports that are opened up for ftp data; it makes sure the connections that claim to be for ftp data are indeed in response to the existing connection on port 21.
The man page for iptables has this:
conntrack
This module, when combined with connection tracking, allows access to more connection tracking information than the "state" match. (This module is present only if iptables was compiled under a kernel supporting this feature.)

--ctstate state
Where state is a comma separated list of the connection states to match. Possible states are INVALID meaning that the packet is associated with no known connection, ESTABLISHED meaning that the packet is associated with a connection which has seen packets in both directions, NEW meaning that the packet has started a new connection, or otherwise associated with a connection which has not seen packets in both directions, and RELATED meaning that the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer, or an ICMP error. SNAT A virtual state, matching if the original source address differs from the reply destination. DNAT A virtual state, matching if the original destination differs from the reply source.
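Putting the pieces of this thread together (the DNAT port forward for port 21, the -m conntrack --ctstate match so the FTP data connections pass as RELATED, and the rule ordering the original poster asked about), here is an added example firewall fragment. It is not from any post in this thread. The interface names (eth0/eth1), the FTP server address 192.168.1.10, and the IPTABLES/MODPROBE variables for dry runs are assumptions; an existing outbound SNAT/MASQUERADE rule for the LAN is also assumed to be in place. The raw-table CT rule is needed on kernels since 4.7, where the conntrack FTP helper is no longer attached to port 21 automatically.

```shell
#!/bin/sh
# Added example, not code from the thread: forward FTP (control port 21 plus
# helper-tracked data connections) from the Linux firewall to an internal host.
WAN_IF="${WAN_IF:-eth0}"                   # assumption: interface facing the Internet
LAN_IF="${LAN_IF:-eth1}"                   # assumption: interface facing the switch
FTP_SERVER="${FTP_SERVER:-192.168.1.10}"   # assumption: internal FTP server
# Set IPTABLES=echo MODPROBE=echo to print what would run instead of applying it.
IPTABLES="${IPTABLES:-iptables}"
MODPROBE="${MODPROBE:-modprobe}"

load_ftp_helper() {
    # The conntrack FTP helper parses PORT/PASV on port 21 so that the data
    # connections (arbitrary high ports) get the RELATED state. nf_nat_ftp also
    # rewrites the address the server announces in PASV replies after DNAT.
    "$MODPROBE" nf_conntrack_ftp
    "$MODPROBE" nf_nat_ftp
    # Kernels >= 4.7 do not assign helpers automatically; bind it explicitly.
    "$IPTABLES" -t raw -A PREROUTING -i "$WAN_IF" -p tcp --dport 21 -j CT --helper ftp
}

forward_ftp() {
    # 1. Rewrite the destination of incoming port-21 packets to the FTP host.
    "$IPTABLES" -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 21 \
        -j DNAT --to-destination "$FTP_SERVER:21"

    # 2. Ordering matters in FORWARD: accept replies and related traffic first,
    #    so the data connections pass without opening every high port.
    "$IPTABLES" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 3. Then allow only NEW connections to the control port on the server.
    "$IPTABLES" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$FTP_SERVER" \
        -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT

    # 4. Everything else from the Internet toward the LAN is dropped. If this
    #    rule came first, the ACCEPT rules above would never be reached.
    "$IPTABLES" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -j DROP
}

apply_all() {
    load_ftp_helper
    forward_ftp
}

# Apply only when invoked as "sh thisfile.sh apply"; otherwise just define
# the functions so the script can be sourced or dry-run.
if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```

Run it with IPTABLES=echo MODPROBE=echo to review the rule order before applying; the -j CT rule only makes sense if the ftp helper module actually loaded, which `lsmod | grep nf_conntrack_ftp` will confirm.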