FTP across a Firewall

My home computer has GNU/Linux (FC4, to be precise) behind an iptables firewall. The way it has been configured allows very limited incoming connections (port 80 only) and more or less no limit on outgoing connections.
Works fine except when I have to access an FTP server in passive mode from behind this firewall. Till recently, ignorant me would let my guard down, open a few more holes in my firewall, and then access FTP sites that did not allow non-passive connections. But thanks to ip_conntrack_ftp, I can access FTP from behind a very strict firewall.

I have been told I need at least this rule

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

in

/etc/sysconfig/iptables

for the input chain (on Fedora the stock ruleset keeps it in a custom chain named RH-Firewall-1-INPUT that INPUT jumps to, so look there before adding a second copy), and a little command like this

/sbin/modprobe ip_conntrack_ftp

in

/etc/rc.local

The rule accepts packets belonging to connections you have already opened (ESTABLISHED) and new connections that a connection-tracking helper has tied to an existing one (RELATED); the FTP helper relies on the second half. On Fedora the intended place for the module is IPTABLES_MODULES="ip_conntrack_ftp" in /etc/sysconfig/iptables-config, which the iptables init script loads for you; either way, lsmod should list the module afterwards.

ip_conntrack_ftp watches the FTP control connection (port 21 by default; the ports= module parameter covers servers on other ports) for the PORT and PASV exchanges in which client and server agree on the address and port of the data connection, and registers that one expected connection with the connection tracker. When the data connection arrives, whether the server connects back to you in active mode or you connect out to the server's passive port, its first packet matches --state RELATED and is accepted by the rule above. Only the single negotiated connection gets in, so no range of ports has to be opened and no serious hole is punched in your firewall. The helper has to read the control channel in the clear, so it does nothing for FTPS (FTP over TLS); on current kernels the module is called nf_conntrack_ftp.
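To make concrete what the helper does with the control channel, here is an added Python model of its PORT/PASV (and RFC 2428 EPRT/EPSV) handling. It is illustration code written for this page, not the kernel module and not code from the original post; the addresses and the FTP transcript are constructed. For each announcement it derives the single data connection that should be let in as RELATED, and it shows the direction difference: in active mode the server connects back to the client, in passive mode the client connects out. It also drops an announced address that does not match the peer that sent it, the check the kernel helper applies unless loaded with loose=1, which is what stops a hostile server from making your firewall expect a connection to some other host.

```python
"""Model of what the Linux FTP connection-tracking helper does with an FTP
control channel.  Added illustration for this page, not the kernel code:
it parses PORT / PASV (and EPRT / EPSV), derives the one data connection
that should be accepted as RELATED, and ignores announced addresses that
do not belong to the peer that sent them (kernel default: loose=0).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

CLIENT = "192.168.1.10"   # constructed: our host behind the firewall
SERVER = "198.51.100.7"   # constructed: remote FTP server (TEST-NET-2 range)


@dataclass(frozen=True)
class Expectation:
    """The single data connection the firewall should let through as RELATED."""
    src: str      # who opens the data connection
    dst: str      # who accepts it
    dport: int    # port it is opened to
    mode: str     # "active" (server connects in) or "passive" (client connects out)


# PORT h1,h2,h3,h4,p1,p2          client -> server, active mode
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)   server -> client
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# EPRT |1|a.b.c.d|port|          client -> server (RFC 2428)
EPRT_RE = re.compile(r"^EPRT \|1\|([\d.]+)\|(\d+)\|\s*$")
# 229 Entering Extended Passive Mode (|||port|)   server -> client
EPSV_RE = re.compile(r"^229 .*\(\|\|\|(\d+)\|\)")


def _decode(h1, h2, h3, h4, p1, p2) -> Tuple[str, int]:
    """FTP encodes address and port as six decimal bytes; port = p1*256 + p2."""
    return f"{h1}.{h2}.{h3}.{h4}", int(p1) * 256 + int(p2)


def parse_control_line(line: str, sender: str, client: str, server: str,
                       loose: bool = False) -> Optional[Expectation]:
    """Return the Expectation a helper would register for one control-channel
    line, or None if the line announces no data connection or the announced
    address fails the sanity check (it must match the sender of the line)."""
    if sender == "client":
        m = PORT_RE.match(line)
        if m:
            addr, port = _decode(*m.groups())
        else:
            m = EPRT_RE.match(line)
            if not m:
                return None
            addr, port = m.group(1), int(m.group(2))
        if addr != client and not loose:
            return None                      # PORT pointing at a third host: ignore
        return Expectation(src=server, dst=addr, dport=port, mode="active")
    m = PASV_RE.match(line)
    if m:
        addr, port = _decode(*m.groups())
    else:
        m = EPSV_RE.match(line)
        if not m:
            return None
        addr, port = server, int(m.group(1))  # EPSV carries no address
    if addr != server and not loose:
        return None                          # PASV pointing at a third host: ignore
    return Expectation(src=client, dst=addr, dport=port, mode="passive")


def track_session(lines, client: str = CLIENT, server: str = SERVER,
                  loose: bool = False) -> List[Expectation]:
    """Run a whole control-channel transcript and collect the expectations."""
    return [e for sender, line in lines
            if (e := parse_control_line(line, sender, client, server, loose))]


# Constructed transcript, not a real capture: one active and one passive
# transfer, then a server reply pointing at a third host (a bounce attempt).
TRANSCRIPT = [
    ("server", "220 ftp.example.net ready"),
    ("client", "USER anonymous"),
    ("server", "331 Please specify the password."),
    ("client", "PASS guest@"),
    ("server", "230 Login successful."),
    ("client", "PORT 192,168,1,10,195,80"),                      # 195*256+80 = 50000
    ("server", "200 PORT command successful."),
    ("client", "LIST"),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (198,51,100,7,234,1)."),  # 234*256+1 = 59905
    ("client", "RETR README"),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (10,0,0,5,0,22)."),    # not the server: dropped
]

if __name__ == "__main__":
    for exp in track_session(TRANSCRIPT):
        print(f"{exp.mode:7} RELATED: {exp.src} -> {exp.dst}:{exp.dport}")
```

Run as a script it prints two RELATED entries, one for each legitimate transfer, and nothing for the final reply that points at 10.0.0.5; pass loose=True to track_session to see that third expectation appear, which is the behaviour the rule above would then honour.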

May the iptables god bless your GNU/Linux box and keep you safe from the evil script kiddie.

Submitted by Ajay Pal Singh Atwal on March 6, 2006 - 1:36am. Categories: GNU/Linux | Security
