Re: FN-FORUM: firewalls and ftp

date posted 3rd August 2007 16:24

> any idea how to adjust firewall to accept the passive method of =

> connecting?

You need to do two things:

1) add an iptables rule to accept "state RELATED,ESTABLISHED" connection=
s
2) check that you have ip_conntrack_ftp in IPTABLES_MODULES in =

/etc/sysconfig/iptables-config. If it isn't already there, you can do a =
=

"modprobe ip_conntrack_ftp" to save having to reboot. (I have the line =

looking like: IPTABLES_MODULES=3D"ip_conntrack_ftp ip_conntrack_netbios_=
ns")

The first allows connections on any port that have already been =

established on another port. The second loads a kernel module to track =

related connections for FTP.

Cheers!

Anthony
-- =

www.fonant.com - Quality web sites