On my mail server I am running iptables with a default policy of DROP:
Code:
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -P FORWARD DROP
Now I am trying to connect to my FTP server (192.168.100.12) from my mail server using the rules below:
Code:
/sbin/iptables -A INPUT -i eth0 -p tcp -s 192.168.100.12 --sport ftp -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -p tcp -d 192.168.100.12 --dport ftp -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp -s 192.168.100.12 --sport ftp-data -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -p tcp -d 192.168.100.12 --dport ftp-data -m state --state NEW,ESTABLISHED -j ACCEPT
I can connect fine. But when I run any command like dir, I get the following error after a long delay:
Code:
ftp> dir
227 Entering Passive Mode (192,168,100,12,113,135)
ftp: connect: Connection timed out
Turning passive mode off, I get (after a long delay):
Code:
ftp> passive
Passive mode off.
ftp> dir
200 PORT command successful. Consider using PASV.
425 Failed to establish connection.
Do I have to add any additional rule for iptables?
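The rule set in the question only matches the control port (ftp) and port 20 (ftp-data). The passive reply `227 Entering Passive Mode (192,168,100,12,113,135)` announces a data port of 113*256+135 = 29063 on the server, which `--dport ftp-data` never matches, and in active mode the data port on the client side is random as well. The usual fix is the FTP connection-tracking helper, which reads the PASV/PORT exchange on the control channel and marks the resulting data connection RELATED, so a single RELATED,ESTABLISHED rule covers both modes. The script below is an added example, not rules from the poster; it reuses the interface (eth0) and server address (192.168.100.12) from the question, prints the commands by default and only executes them when APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original post): let the FTP conntrack helper
# classify data connections as RELATED so one rule covers passive and active mode.
# Assumed values, taken from the question: interface eth0, FTP server 192.168.100.12.
# Dry run by default: the commands are printed. Set APPLY=1 to execute them as root.

FTP_SERVER="192.168.100.12"
IFACE="eth0"

# run: execute the command when APPLY=1, otherwise print it on one line
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

ftp_client_rules() {
    # The helper watches the control channel (port 21) for PASV replies and PORT
    # commands and registers the announced data connection as RELATED.
    run modprobe nf_conntrack_ftp

    # Recent kernels no longer attach helpers automatically; bind the ftp helper
    # explicitly to outbound control connections in the raw table.
    run /sbin/iptables -t raw -A OUTPUT -o "$IFACE" -p tcp -d "$FTP_SERVER" \
        --dport 21 -j CT --helper ftp

    # Control channel: the client opens it, the server only answers.
    run /sbin/iptables -A OUTPUT -o "$IFACE" -p tcp -d "$FTP_SERVER" --dport 21 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    run /sbin/iptables -A INPUT -i "$IFACE" -p tcp -s "$FTP_SERVER" --sport 21 \
        -m state --state ESTABLISHED -j ACCEPT

    # Data channel. Passive: the client connects to the high port from the 227 reply
    # (192,168,100,12,113,135 -> port 113*256+135 = 29063), which --dport ftp-data
    # never matches. Active: the server connects back from port 20 to a random
    # client port. Both are RELATED to the tracked control connection, so no
    # port numbers are needed here.
    run /sbin/iptables -A OUTPUT -o "$IFACE" -p tcp -d "$FTP_SERVER" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    run /sbin/iptables -A INPUT -i "$IFACE" -p tcp -s "$FTP_SERVER" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
}

ftp_client_rules
```

Keeping the data-channel rules restricted to the server address and to RELATED,ESTABLISHED means the default DROP policy still blocks any unsolicited connection from the server; only connections the helper has seen announced on the control channel get through. After applying, `/sbin/iptables -t raw -L OUTPUT -n` should show the CT rule and `conntrack -L` (if the conntrack tool is installed) lists the control connection with the ftp helper attached.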