IPTABLES rules for active FTP
Rashkae
ubuntu at tigershaunt.com
Mon May 18 00:54:46 UTC 2009
Noah wrote:
> Hi there,
>
> I have found a few ways to do IPTABLES rules for active FTP. What is
> the best rules to put in place?
>
> Cheers,
>
> Noah
>
There should be a kernel module that will empower conntrack to handle
active ftp traffic properly. Make certain that nf_conntrack_ftp.ko is
loaded with lsmod, and if it isn't use modprobe to load it. You
shouldn't need any special iptables rules after that, just the one liner
that you use to snat or masquerade will work.
For that matter, look in your /lib/modules/version/kernel/net/netfilter
directory. I would make sure that each of those modules is loaded for
an Internet gateway system.
More information about the ubuntu-users
mailing list