[luau] Iptables firewall question

MonMotha monmotha at indy.rr.com
Fri Jan 10 12:21:01 PST 2003


Florian Hines wrote:
> What's up guys,
> 
> I think I'm dense today because I'm missing something I shouldn't be.
> 
> I'm running a RH7.3 system (all updates) with wu-ftpd, iptables and I used
> MonMotha's Firewall 2.3.8-pre9 to set the script up.
> I'm allowing the following TCP ports
> 
> TCP_ALLOW="20 21 22 25 80 110 443"
> 
> But, when I ftp to the machine and login it times out when it tries to "ls"
> the directory?
> 
> What am I missing?
> 
> Florian

Remove port 20 from TCP_ALLOW and execute the following (as root):

modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

If you're running a kernel prior to 2.4.20, make sure you don't have any other 
conntrack or nat helpers loaded (use lsmod to check) first, as the old NAT code 
can only handle one at a time (2.4.20-pre2 and later have newnat merged in which 
can handle multiple helpers).

--MonMotha

-- 
Optimist: The glass is half full.                      | PGP Key: 0x1B0390E0
Pessimist: The glass is half empty.                    | Outgoing mail signed
Engineer: The glass is twice as big as it needs to be. | monmotha at indy.rr.com
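
The lsmod check described in the reply above, written out as an added example (not part of the original post or of the firewall script it mentions). The function names and the sample lsmod output are constructed; it assumes mainline version numbering and that helper modules are named ip_conntrack_<proto> / ip_nat_<proto>.

```shell
#!/bin/sh
# Added example: pre-flight check before loading the FTP helpers.
# It only reads text; it never loads or unloads a module.

# Constructed sample of 2.4-era `lsmod` output (not from a real host).
SAMPLE_LSMOD='Module                  Size  Used by    Not tainted
ip_nat_irc              3312   0  (unused)
ip_conntrack_irc        3088   1  [ip_nat_irc]
iptable_nat            19960   1  [ip_nat_irc]
ip_conntrack           21244   2  [ip_nat_irc ip_conntrack_irc iptable_nat]
ip_tables              13432   4  [iptable_nat iptable_filter]'

# Succeeds (0) when the release predates newnat, i.e. is older than 2.4.20-pre2.
needs_single_helper() {
    rel=$1
    base=${rel%%-*}                       # "2.4.18-3" -> "2.4.18"
    major=${base%%.*}; rest=${base#*.}; minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
    patch=${patch%%[!0-9]*}               # "20.1" -> "20"
    v=$((major * 1000000 + minor * 1000 + ${patch:-0}))
    [ "$v" -lt 2004020 ] && return 0
    case $rel in 2.4.20-pre1|2.4.20-pre1-*) return 0 ;; esac
    return 1
}

# Reads lsmod output on stdin, prints loaded helpers other than the FTP pair.
# Assumption: helpers are named ip_conntrack_<proto> / ip_nat_<proto>.
other_helpers() {
    awk 'NR > 1 && $1 ~ /^ip_(conntrack|nat)_/ && $1 !~ /_ftp$/ { print $1 }'
}

# Usage: ftp_helper_preflight <kernel release> <lsmod output>
ftp_helper_preflight() {
    rel=$1; lsmod_text=$2
    if needs_single_helper "$rel"; then
        others=$(printf '%s\n' "$lsmod_text" | other_helpers | tr '\n' ' ')
        if [ -n "$others" ]; then
            echo "unload first: ${others% }"
            return 1
        fi
    fi
    echo "ok to load ip_conntrack_ftp and ip_nat_ftp"
}

# On a real host: ftp_helper_preflight "$(uname -r)" "$(lsmod)"
ftp_helper_preflight "2.4.18-3" "$SAMPLE_LSMOD" || true
```

A vendor kernel may carry backported NAT code under an older version number, so treat the version comparison as a conservative default.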