> On Fri, 29 Jun 2007, Jorge Bastos wrote:
> > I need a little help from you.
> > Which ports should I open more for passive mode to work?
> > With this, passive stops working.


> > iptables -A INPUT -d $IP -p tcp --dport 80 -j ACCEPT
> > iptables -A INPUT -d $IP -p tcp --dport 20 -j ACCEPT
> > iptables -A INPUT -d $IP -p tcp --dport 21 -j ACCEPT
> > # deny the rest
> > iptables -A INPUT -d $IP -j DROP


On 29.06.07 09:25, A. Khattri wrote:
> You probably should use the state matching module to get FTP working:
>
> iptables -A INPUT --protocol tcp --dport 21 -m state --state NEW -j ACCEPT
> iptables -A OUTPUT --protocol tcp -m state --state RELATED,ESTABLISHED -j ACCEPT


and it's MUCH more efficient than playing with PassivePorts. PassivePorts
should only be used if you can't do stateful firewall.

> I'm assuming your proftpd config is set up to do passive FTP.


An FTP server can't be set up to do passive FTP; using passive/port FTP is
the client's decision. The server can only be set up to refuse passive FTP, which
would make users with broken FTP-unaware firewalls unhappy.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901
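
A complete stateful ruleset along the lines suggested in this thread, as an added example that is not part of the original messages: the ESTABLISHED,RELATED match sits on INPUT because the original rules drop inbound traffic, and the FTP conntrack helper is what marks the passive data connection as RELATED. It assumes a current kernel (helper bound explicitly through the raw table), an OUTPUT policy of ACCEPT, and an unencrypted control channel, since the helper cannot read a TLS-protected one; the function name and the `IPT`/`MODPROBE` overrides are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Defines a function only; call it as
#   apply_ftp_firewall 192.0.2.10
# Set IPT=echo and MODPROBE=echo to print the commands instead of running them.
IPT="${IPT:-iptables}"
MODPROBE="${MODPROBE:-modprobe}"

apply_ftp_firewall() {
    ip="$1"    # server address, the $IP of the original rules
    if [ -z "$ip" ]; then
        echo "usage: apply_ftp_firewall SERVER_IP" >&2
        return 1
    fi

    # The helper reads the PASV/227 and PORT exchange on the control channel
    # and registers the announced data connection as an expected one.
    $MODPROBE nf_conntrack_ftp || return 1

    # Kernels 4.7 and later do not attach helpers automatically, so bind
    # the FTP helper to the control port explicitly.
    $IPT -t raw -A PREROUTING -d "$ip" -p tcp --dport 21 -j CT --helper ftp || return 1

    # Known connections first. RELATED covers the passive data connection
    # to whatever high port the server announced, so no port range is opened.
    $IPT -A INPUT -d "$ip" -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1

    # New connections only to the published services. Port 20 needs no
    # inbound rule: in active mode the server connects out from it.
    $IPT -A INPUT -d "$ip" -p tcp --dport 21 -m state --state NEW -j ACCEPT || return 1
    $IPT -A INPUT -d "$ip" -p tcp --dport 80 -m state --state NEW -j ACCEPT || return 1

    # deny the rest
    $IPT -A INPUT -d "$ip" -j DROP
}
```

After applying, `iptables -L INPUT -v -n` shows per-rule packet counters; the ESTABLISHED,RELATED counter should rise during a passive transfer.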
