[Fwbuilder-discussion] Passing ftp through the firewall on a linux 2.6 kernel.
From: Tom D. <td...@ro...> - 2004-07-31 17:22:20
Hi all,

Is there anything different about the way ftp is handled on the linux 2.6 kernel and iptables 1.2.9? I just upgraded my firewall and recompiled the rules with fwb2 and ftp no longer works. I get the following log entries:

Jul 31 13:13:51 taz kernel: fwb(DROPnLOG) IN=eth1 OUT=eth0 SRC=192.168.0.3 DST=209.128.228.253 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=29474 DF PROTO=TCP SPT=38779 DPT=62967 WINDOW=5840 RES=0x00 SYN URGP=0

In looking at the above log it looks to me like I now have to open a bunch of high ports. I thought that iptables knew how to handle ftp. This makes no sense to me since I did not have this problem with the old iptables firewall. I have ftp, ftp-data, and ftp data passive in the list of allowed outbound services and this ruleset worked on the 2.4 kernel.

Vadim, if you look at this, the data file I just sent you is the same data file I am having the ftp problem with.

Any idea what I am missing??

Regards,
Tom