On Thu, Aug 14, 2003 at 03:56:07PM +0200, André Sänger wrote:
> Rule created by SuSEfirewall2 which does _not_ work with unmasqued active ftp-connections:
>
> 0 ACCEPT tcp -- * * 192.168.0.1 10.1.1.1 state RELATED,ESTABLISHED tcp spt:20 flags:!0x16/0x02
>
> A rule without the "flags:!0x16/0x02" part does the job. Maybe you can point me to some howto on what these flags are and why they are used by SuSEfirewall2 by default?

You get these flags if there is a rule specification "! --syn" (or the equivalent --tcp-flags as described in iptables(8)). It looks strange to me, because the SYN packet is what has to be treated specially if active ftp should work. Maybe someone mixed it up and inverted the test?

--
Stefan Tichy <listuser@pi4tel.de>
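
The flags:!0x16/0x02 notation discussed in this thread, decoded as an added example (not part of either message and not SuSEfirewall2 code): it parses the mask/compare pair and tests it against the packets an FTP server sends from port 20 on an active-mode data connection. The packet list and all function names are assumptions constructed for illustration.

```python
# TCP header flag bits, lowest bit first.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_flags_match(text):
    """Parse the listing notation 'flags:[!]MASK/COMP' into (invert, mask, comp)."""
    spec = text.split(":", 1)[1]
    invert = spec.startswith("!")
    mask, comp = (int(v, 16) for v in spec.lstrip("!").split("/"))
    return invert, mask, comp

def flag_names(value):
    """Names of the flag bits set in value, in header bit order."""
    return [name for name, bit in TCP_FLAGS.items() if value & bit]

def to_option(match):
    """Render the match as the equivalent --tcp-flags rule option."""
    invert, mask, comp = match
    return "%s--tcp-flags %s %s" % ("! " if invert else "",
                                    ",".join(flag_names(mask)),
                                    ",".join(flag_names(comp)))

def matches(match, packet_flags):
    """True if a packet carrying these flags satisfies the match."""
    invert, mask, comp = match
    hit = (packet_flags & mask) == comp  # only the masked bits are examined
    return hit != invert                 # '!' negates the result

# Constructed sample: flags on the packets sent from port 20 when the
# server opens, uses and closes an active-mode data connection.
SERVER_PACKETS = [
    ("SYN (opens data connection)", 0x02),
    ("ACK (completes handshake)", 0x10),
    ("PSH,ACK (file data)", 0x18),
    ("FIN,ACK (close)", 0x11),
]

def evaluate(rule_text):
    """Return (label, matched) for each sample packet against the rule."""
    match = parse_flags_match(rule_text)
    return [(label, matches(match, flags)) for label, flags in SERVER_PACKETS]

if __name__ == "__main__":
    print(to_option(parse_flags_match("flags:!0x16/0x02")))
    for label, ok in evaluate("flags:!0x16/0x02"):
        print("%-30s %s" % (label, "matches" if ok else "does not match"))
```

The only packet that fails the inverted test is the initial SYN, which is the packet that has to be accepted for the data connection to be established.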