Hello, Sorry, my English is not so good! I have write my Firewall with Iptables.I can connect an FTP Server but not make a ls or dir. linux:~ # ftp ftp.suse.com Connected to ftp.suse.com (217.9.113.66). 220 "Welcome to the SuSE ftp server: Please login as user 'ftp'" Name (ftp.suse.com:root): ftp 331 Please send your email address as a password. Password: 230-+----------------------------------------------------------------+ 230-| Welcome to the SuSE Linux FTP archives in Nürnberg Germany | 230-+----------------------------------------------------------------+ 230-+------------------------------+ +------------------------------+ 230-| SuSE Inc. | | SuSE GmbH | 230-| 318 Harrison St. | | Deutschherrnstr. 15-19 | 230-| Oakland, CA 94607 | | 90429 Nuernberg | 230-| USA | | Germany | 230-+------------------------------+ +------------------------------+ 230-| Tel: +1-510-628-3380 | | Tel: +49-911-740530 | 230-| FAX: +1-510-628-3381 | | FAX: +49-911-7417755 | 230-+------------------------------+ +------------------------------+ 230-| http://www.suse.com/ | | http://www.suse.de/ | 230-+------------------------------+ +------------------------------+ 230-Please make sure to read pub/INDEX before sending mail to 230-ftpadmin@suse.com 230- 230-User limit: 600 - consider using a mirror-site: 230-http://www.suse.de/en/support/download/ftp/int_mirrors.html (Int.) 230-http://www.suse.de/en/support/download/ftp/germ_mirrors.html (DE) 230- 230-Users from Europe (in particular German universities): 230-ftp://ftp.gwdg.de/pub/linux/suse/ 230-ftp://ftp.leo.org/pub/comp/os/unix/linux/suse/suse/ 230-ftp://ftp.uni-kl.de/pub/linux/suse/ 230- 230-If you are experiencing any problems with this server, please email 230-ftpadmin@suse.com. 230- 230 Login successful. Have a lot of fun. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 200 PORT command successful. Consider using PASV. -------------------------------------------------- -------------------------------------------------- -----snip------ #My Firewall config for FTP # FTP OUT Control-Connection iptables -A OUTPUT -p TCP --sport $p_high --dport ftp -j ACCEPT iptables -A INPUT -p TCP --dport $p_high --sport ftp ! --syn -j ACCEPT # FTP OUT Passive Data-Connection iptables -A OUTPUT -p TCP --sport $p_high --dport $p_high -j ACCEPT iptables -A INPUT -p TCP --dport $p_high --sport $p_high ! --syn -j ACCEPT # MASQUERADING iptables -t nat -A POSTROUTING -o $EXT -j MASQUERADE echo "1" > /proc/sys/net/ipv4/ip_forward echo "1" > /proc/sys/net/ipv4/ip_dynaddr iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i $INT -o $EXT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i $EXT -o $INT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -p ICMP --icmp-type echo-request -j ACCEPT iptables -A FORWARD -o $EXT -p ICMP --icmp-type echo-request -j ACCEPT iptables -A FORWARD -o $EXT -m state --state NEW -p TCP --sport $p_high --dport ftp -j ACCEPT iptables -A FORWARD -o $EXT -m state --state NEW -p TCP --sport $p_high --dport $p_high -j ACCEPT -----snap----- ---------------------------------------------------------------------- ---------------------------------------------------------------------- tcpdump -i ippp0 19:59:13.290242 217.4.250.8.filenet-tms > 213.95.15.193.domain: 2909 A? ftp.suse.com. (30) (DF) 19:59:13.345807 213.95.15.193.domain > 217.4.250.8.filenet-tms: 2909* 1/2/2 A 217.9.113.66 (132) [tos 0x10] 19:59:13.347190 217.4.250.8.35608 > 217.9.113.66.ftp: S 926670463:926670463(0) win 5840 <mss 1460,sackOK,timestamp 52220628 0, 19:59:13.447849 217.9.113.66.ftp > 217.4.250.8.35608: S 840322402:840322402(0) ack 926670464 win 32120 <mss 1460,sackOK,timest 19:59:13.447945 217.4.250.8.35608 > 217.9.113.66.ftp: . ack 1 win 5840 <nop,nop,timestamp 52220638 2286511272> (DF) 19:59:13.518270 217.9.113.66.ftp > 217.4.250.8.35608: P 1:249(248) ack 1 win 32120 <nop,nop,timestamp 2286511282 52220638> (DF 19:59:13.518367 217.4.250.8.35608 > 217.9.113.66.ftp: . ack 249 win 6432 <nop,nop,timestamp 52220645 2286511282> (DF) [tos 0x1 19:59:13.518817 217.4.250.8.35608 > 217.9.113.66.ftp: F 1:1(0) ack 249 win 6432 <nop,nop,timestamp 52220645 2286511282> (DF) [ 19:59:13.525785 217.9.113.66.ftp > 217.4.250.8.35608: F 249:249(0) ack 1 win 32120 <nop,nop,timestamp 2286511282 52220638> (DF 19:59:13.526164 217.4.250.8.35608 > 217.9.113.66.ftp: . ack 250 win 6432 <nop,nop,timestamp 52220646 2286511282> (DF) [tos 0x1 19:59:13.572175 217.9.113.66.ftp > 217.4.250.8.35608: . ack 2 win 32120 <nop,nop,timestamp 2286511290 52220645> (DF) 19:59:20.501533 217.4.250.8.35609 > 217.9.113.66.ftp: S 933158888:933158888(0) win 5840 <mss 1460,sackOK,timestamp 52221343 0, 19:59:20.551516 217.9.113.66.ftp > 217.4.250.8.35609: S 856735184:856735184(0) ack 933158889 win 32120 <mss 1460,sackOK,timest 19:59:20.551613 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 1 win 5840 <nop,nop,timestamp 52221348 2286511987> (DF) 19:59:20.650476 217.9.113.66.ftp > 217.4.250.8.35609: P 1:67(66) ack 1 win 32120 <nop,nop,timestamp 2286511993 52221348> (DF) 19:59:20.650579 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 67 win 5840 <nop,nop,timestamp 52221358 2286511993> (DF) [tos 0x10 19:59:24.856106 217.4.250.8.35609 > 217.9.113.66.ftp: P 1:11(10) ack 67 win 5840 <nop,nop,timestamp 52221778 2286511993> (DF) 19:59:24.896293 217.9.113.66.ftp > 217.4.250.8.35609: . ack 11 win 32120 <nop,nop,timestamp 2286512422 52221778> (DF) 19:59:24.910156 217.9.113.66.ftp > 217.4.250.8.35609: P 67:118(51) ack 11 win 32120 <nop,nop,timestamp 2286512422 52221778> (D 19:59:24.910224 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 118 win 5840 <nop,nop,timestamp 52221784 2286512422> (DF) [tos 0x1 19:59:26.198941 217.4.250.8.35609 > 217.9.113.66.ftp: P 11:25(14) ack 118 win 5840 <nop,nop,timestamp 52221913 2286512422> (DF 19:59:26.261343 217.9.113.66.ftp > 217.4.250.8.35609: P 118:190(72) ack 25 win 32120 <nop,nop,timestamp 2286512557 52221913> ( 19:59:26.261425 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 190 win 5840 <nop,nop,timestamp 52221919 2286512557> (DF) [tos 0x1 19:59:26.277847 217.9.113.66.ftp > 217.4.250.8.35609: P 190:262(72) ack 25 win 32120 <nop,nop,timestamp 2286512557 52221913> ( 19:59:26.277920 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 262 win 5840 <nop,nop,timestamp 52221920 2286512557> (DF) [tos 0x1 19:59:26.294356 217.9.113.66.ftp > 217.4.250.8.35609: P 262:334(72) ack 25 win 32120 <nop,nop,timestamp 2286512557 52221913> ( 19:59:26.294424 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 334 win 5840 <nop,nop,timestamp 52221922 2286512557> (DF) [tos 0x1 19:59:26.310864 217.9.113.66.ftp > 217.4.250.8.35609: P 334:406(72) ack 25 win 32120 <nop,nop,timestamp 2286512557 52221913> ( 19:59:26.310932 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 406 win 5840 <nop,nop,timestamp 52221924 2286512557> (DF) [tos 0x1 19:59:26.521730 217.9.113.66.ftp > 217.4.250.8.35609: P 406:1771(1365) ack 25 win 32120 <nop,nop,timestamp 2286512563 52221919 19:59:26.521806 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 1771 win 8190 <nop,nop,timestamp 52221945 2286512563> (DF) [tos 0x 19:59:26.523495 217.4.250.8.35609 > 217.9.113.66.ftp: P 25:31(6) ack 1771 win 8190 <nop,nop,timestamp 52221945 2286512563> (DF 19:59:26.599132 217.9.113.66.ftp > 217.4.250.8.35609: P 1771:1790(19) ack 31 win 32120 <nop,nop,timestamp 2286512590 52221945> 19:59:26.638231 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 1790 win 8190 <nop,nop,timestamp 52221957 2286512590> (DF) [tos 0x 19:59:29.151684 217.4.250.8.35609 > 217.9.113.66.ftp: P 31:56(25) ack 1790 win 8190 <nop,nop,timestamp 52222208 2286512590> (D 19:59:29.208498 217.9.113.66.ftp > 217.4.250.8.35609: P 1790:1841(51) ack 56 win 32120 <nop,nop,timestamp 2286512852 52222208> 19:59:29.208584 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 1841 win 8190 <nop,nop,timestamp 52222213 2286512852> (DF) [tos 0x 19:59:29.208840 217.4.250.8.35609 > 217.9.113.66.ftp: P 56:62(6) ack 1841 win 8190 <nop,nop,timestamp 52222213 2286512852> (DF 19:59:29.257378 217.9.113.66.ftp-data > 217.4.250.8.35610: S 870057160:870057160(0) win 32120 <mss 1460,sackOK,timestamp 22865 19:59:29.325064 217.9.113.66.ftp > 217.4.250.8.35609: . ack 62 win 32120 <nop,nop,timestamp 2286512860 52222213> (DF) 19:59:32.304569 217.9.113.66.ftp-data > 217.4.250.8.35610: S 870057160:870057160(0) win 32120 <mss 1460,sackOK,timestamp 22865 Which Ports must I open? Thanks for Your config or Help Roland
my English is not good too... :) look. The FTP server, need a PASSIVE connection. This is done by a FTP-DATA port(port 20). Try to free this port in IPTables too, and everything works fine(I hope so)! the other option is to work in FTP with passive mode disable. good luck Wagner Sartori Junior ----- Original Message ----- From: "Roland Türk" <info@rolandtuerk.de> To: <suse-security@suse.com> Sent: Saturday, January 25, 2003 5:03 PM Subject: [suse-security] Firewall with Iptables
Hello,
Sorry, my English is not so good! I have write my Firewall with Iptables.I can connect an FTP Server but not make a ls or dir.
linux:~ # ftp ftp.suse.com Connected to ftp.suse.com (217.9.113.66). 220 "Welcome to the SuSE ftp server: Please login as user 'ftp'" Name (ftp.suse.com:root): ftp 331 Please send your email address as a password. Password: 230-+----------------------------------------------------------------+ 230-| Welcome to the SuSE Linux FTP archives in Nürnberg Germany | 230-+----------------------------------------------------------------+ 230-+------------------------------+ +------------------------------+ 230-| SuSE Inc. | | SuSE GmbH | 230-| 318 Harrison St. | | Deutschherrnstr. 15-19 | 230-| Oakland, CA 94607 | | 90429 Nuernberg | 230-| USA | | Germany | 230-+------------------------------+ +------------------------------+ 230-| Tel: +1-510-628-3380 | | Tel: +49-911-740530 | 230-| FAX: +1-510-628-3381 | | FAX: +49-911-7417755 | 230-+------------------------------+ +------------------------------+ 230-| http://www.suse.com/ | | http://www.suse.de/ | 230-+------------------------------+ +------------------------------+ 230-Please make sure to read pub/INDEX before sending mail to 230-ftpadmin@suse.com 230- 230-User limit: 600 - consider using a mirror-site: 230-http://www.suse.de/en/support/download/ftp/int_mirrors.html (Int.) 230-http://www.suse.de/en/support/download/ftp/germ_mirrors.html (DE) 230- 230-Users from Europe (in particular German universities): 230-ftp://ftp.gwdg.de/pub/linux/suse/ 230-ftp://ftp.leo.org/pub/comp/os/unix/linux/suse/suse/ 230-ftp://ftp.uni-kl.de/pub/linux/suse/ 230- 230-If you are experiencing any problems with this server, please email 230-ftpadmin@suse.com. 230- 230 Login successful. Have a lot of fun. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 200 PORT command successful. Consider using PASV.
-------------------------------------------------- -------------------------------------------------- -----snip------ #My Firewall config for FTP
# FTP OUT Control-Connection
iptables -A OUTPUT -p TCP --sport $p_high --dport ftp -j ACCEPT iptables -A INPUT -p TCP --dport $p_high --sport ftp ! --syn -j ACCEPT
# FTP OUT Passive Data-Connection
iptables -A OUTPUT -p TCP --sport $p_high --dport $p_high -j ACCEPT iptables -A INPUT -p TCP --dport $p_high --sport $p_high ! --syn -j ACCEPT
# MASQUERADING
iptables -t nat -A POSTROUTING -o $EXT -j MASQUERADE
echo "1" > /proc/sys/net/ipv4/ip_forward echo "1" > /proc/sys/net/ipv4/ip_dynaddr
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i $INT -o $EXT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $EXT -o $INT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p ICMP --icmp-type echo-request -j ACCEPT iptables -A FORWARD -o $EXT -p ICMP --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -o $EXT -m state --state NEW -p TCP --sport $p_high --dport ftp -j ACCEPT iptables -A FORWARD -o $EXT -m state --state NEW -p TCP --sport $p_high --dport $p_high -j ACCEPT
-----snap----- ---------------------------------------------------------------------- ----------------------------------------------------------------------
tcpdump -i ippp0
19:59:13.290242 217.4.250.8.filenet-tms > 213.95.15.193.domain: 2909 A? ftp.suse.com. (30) (DF) 19:59:13.345807 213.95.15.193.domain > 217.4.250.8.filenet-tms: 2909* 1/2/2 A 217.9.113.66 (132) [tos 0x10] 19:59:13.347190 217.4.250.8.35608 > 217.9.113.66.ftp: S 926670463:926670463(0) win 5840 <mss 1460,sackOK,timestamp 52220628 0, 19:59:13.447849 217.9.113.66.ftp > 217.4.250.8.35608: S 840322402:840322402(0) ack 926670464 win 32120 <mss 1460,sackOK,timest 19:59:13.447945 217.4.250.8.35608 > 217.9.113.66.ftp: . ack 1 win 5840 <nop,nop,timestamp 52220638 2286511272> (DF) 19:59:13.518270 217.9.113.66.ftp > 217.4.250.8.35608: P 1:249(248) ack 1 win 32120 <nop,nop,timestamp 2286511282 52220638> (DF 19:59:13.518367 217.4.250.8.35608 > 217.9.113.66.ftp: . ack 249 win 6432 <nop,nop,timestamp 52220645 2286511282> (DF) [tos 0x1 19:59:13.518817 217.4.250.8.35608 > 217.9.113.66.ftp: F 1:1(0) ack 249 win 6432 <nop,nop,timestamp 52220645 2286511282> (DF) [ 19:59:13.525785 217.9.113.66.ftp > 217.4.250.8.35608: F 249:249(0) ack 1 win 32120 <nop,nop,timestamp 2286511282 52220638> (DF 19:59:13.526164 217.4.250.8.35608 > 217.9.113.66.ftp: . ack 250 win 6432 <nop,nop,timestamp 52220646 2286511282> (DF) [tos 0x1 19:59:13.572175 217.9.113.66.ftp > 217.4.250.8.35608: . ack 2 win 32120 <nop,nop,timestamp 2286511290 52220645> (DF) 19:59:20.501533 217.4.250.8.35609 > 217.9.113.66.ftp: S 933158888:933158888(0) win 5840 <mss 1460,sackOK,timestamp 52221343 0, 19:59:20.551516 217.9.113.66.ftp > 217.4.250.8.35609: S 856735184:856735184(0) ack 933158889 win 32120 <mss 1460,sackOK,timest 19:59:20.551613 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 1 win 5840 <nop,nop,timestamp 52221348 2286511987> (DF) 19:59:20.650476 217.9.113.66.ftp > 217.4.250.8.35609: P 1:67(66) ack 1 win 32120 <nop,nop,timestamp 2286511993 52221348> (DF) 19:59:20.650579 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 67 win 5840 <nop,nop,timestamp 52221358 2286511993> (DF) [tos 0x10 19:59:24.856106 217.4.250.8.35609 > 217.9.113.66.ftp: P 1:11(10) ack 67 win 5840 <nop,nop,timestamp 52221778 2286511993> (DF) 19:59:24.896293 217.9.113.66.ftp > 217.4.250.8.35609: . ack 11 win 32120 <nop,nop,timestamp 2286512422 52221778> (DF) 19:59:24.910156 217.9.113.66.ftp > 217.4.250.8.35609: P 67:118(51) ack 11 win 32120 <nop,nop,timestamp 2286512422 52221778> (D 19:59:24.910224 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 118 win 5840 <nop,nop,timestamp 52221784 2286512422> (DF) [tos 0x1 19:59:26.198941 217.4.250.8.35609 > 217.9.113.66.ftp: P 11:25(14) ack 118 win 5840 <nop,nop,timestamp 52221913 2286512422> (DF 19:59:26.261343 217.9.113.66.ftp > 217.4.250.8.35609: P 118:190(72) ack 25 win 32120 <nop,nop,timestamp 2286512557 52221913> ( 19:59:26.261425 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 190 win 5840 <nop,nop,timestamp 52221919 2286512557> (DF) [tos 0x1 19:59:26.277847 217.9.113.66.ftp > 217.4.250.8.35609: P 190:262(72) ack 25 win 32120 <nop,nop,timestamp 2286512557 52221913> ( 19:59:26.277920 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 262 win 5840 <nop,nop,timestamp 52221920 2286512557> (DF) [tos 0x1 19:59:26.294356 217.9.113.66.ftp > 217.4.250.8.35609: P 262:334(72) ack 25 win 32120 <nop,nop,timestamp 2286512557 52221913> ( 19:59:26.294424 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 334 win 5840 <nop,nop,timestamp 52221922 2286512557> (DF) [tos 0x1 19:59:26.310864 217.9.113.66.ftp > 217.4.250.8.35609: P 334:406(72) ack 25 win 32120 <nop,nop,timestamp 2286512557 52221913> ( 19:59:26.310932 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 406 win 5840 <nop,nop,timestamp 52221924 2286512557> (DF) [tos 0x1 19:59:26.521730 217.9.113.66.ftp > 217.4.250.8.35609: P 406:1771(1365) ack 25 win 32120 <nop,nop,timestamp 2286512563 52221919 19:59:26.521806 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 1771 win 8190 <nop,nop,timestamp 52221945 2286512563> (DF) [tos 0x 19:59:26.523495 217.4.250.8.35609 > 217.9.113.66.ftp: P 25:31(6) ack 1771 win 8190 <nop,nop,timestamp 52221945 2286512563> (DF 19:59:26.599132 217.9.113.66.ftp > 217.4.250.8.35609: P 1771:1790(19) ack 31 win 32120 <nop,nop,timestamp 2286512590 52221945> 19:59:26.638231 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 1790 win 8190 <nop,nop,timestamp 52221957 2286512590> (DF) [tos 0x 19:59:29.151684 217.4.250.8.35609 > 217.9.113.66.ftp: P 31:56(25) ack 1790 win 8190 <nop,nop,timestamp 52222208 2286512590> (D 19:59:29.208498 217.9.113.66.ftp > 217.4.250.8.35609: P 1790:1841(51) ack 56 win 32120 <nop,nop,timestamp 2286512852 52222208> 19:59:29.208584 217.4.250.8.35609 > 217.9.113.66.ftp: . ack 1841 win 8190 <nop,nop,timestamp 52222213 2286512852> (DF) [tos 0x 19:59:29.208840 217.4.250.8.35609 > 217.9.113.66.ftp: P 56:62(6) ack 1841 win 8190 <nop,nop,timestamp 52222213 2286512852> (DF 19:59:29.257378 217.9.113.66.ftp-data > 217.4.250.8.35610: S 870057160:870057160(0) win 32120 <mss 1460,sackOK,timestamp 22865 19:59:29.325064 217.9.113.66.ftp > 217.4.250.8.35609: . ack 62 win 32120 <nop,nop,timestamp 2286512860 52222213> (DF) 19:59:32.304569 217.9.113.66.ftp-data > 217.4.250.8.35610: S 870057160:870057160(0) win 32120 <mss 1460,sackOK,timestamp 22865
Which Ports must I open?
Thanks for Your config or Help
Roland
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Hello Roland, * Roland Türk wrote on 25 Jan 2003:
Hello,
Sorry, my English is not so good! I have write my Firewall with Iptables.I can connect an FTP Server but not make a ls or dir.
Have a look at http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html Short digest: Filtering FTP with IPTABLEs is quite simple. You just must load the module "ip_conntrack_ftp". To allow generel access, do this: iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT Have a look at --state, that's important. Active FTP: iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT Passive FTP: iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT Filtering FTP without stateful packet filtering, is really bad. (I think, if you do generally a iptables -A OUTPUT --state ESTABLISHED, RELATED -j ACCEPT FTP-filtering would be just a few rules :-) ) Greetz, Tom -- Preissler Thomas Registered Linux User #265745 GPG-Key: 1024D/C21DAB7F http://counter.li.org/ Some people, when confronted with a problem, think 'I know, I'll use regular expressions.' Now they have two problems. -- Jamie Zawinski, alt.religion.emacs (08/12/1997)
* Roland Türk wrote on Sat, Jan 25, 2003 at 20:03 +0100:
I have write my Firewall with Iptables.I can connect an FTP Server but not make a ls or dir. ftp> dir 200 PORT command successful. Consider using PASV.
And, did you considered using PASV? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (4)
-
Roland T�rk -
Steffen Dettmer -
Thomas Preissler -
Wagner Sartori Junior