TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [TCLUG:6207] ipchains and RH 6.0

$IPCHAINS -A input -i eth1 -p tcp -s 0/0 1025:65535 -d 192.16.x.x/32
1025:65535 ! -y -j ACCEPT

where eth1 is external port and 192.16.x.x is the eth1 ip address

This will allow any passive ftp, real audio etc. Someone else may have some
security concerns about this but it should only allow connections initiated
by your host.

-----Original Message-----
From: Bob Tanner []
Sent: Saturday, May 29, 1999 5:07 AM
Subject: [TCLUG:6207] ipchains and RH 6.0

Well, I thought I should make the move to ipchains, since I am now running
6.0. But I have run into a snag.

With ipchains I am unable to figure how to do ftp.

I am not masqurading, just blocking. My workstation has a valid IP address,
am just working on the input chain.

After I make an outgoing ftp connection, the ftp server is going to respond
back to me with the ftp-data part, but when I hit my favorite ftp sites,
ipchains is reporting:

May 29 05:04:41 mordent kernel: Packet log: lockdown DENY eth0 PROTO=6 L=44 S=0x00 I=61415 F=0x0000 T=61

This is me typing dir after I have sucessfully logged into the ftp server.
looks like the server is sending back the ftp-data connection on some
random(?) port.

How do I assocate this connection with my inital ftp request?

Bob Tanner <>       | Phone : (612)943-8700                | Fax   : (612)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9

To unsubscribe, e-mail:
For additional commands, e-mail:
Try our website: