Debian 2.6.8/bridge/iptables/passive ftp

[spaminator@web.de]

Hi out there,

thanks for your replies.

@Ray
I already stumbled over http://slacksite.com/other/ftp.html and built my 
ruleset accordingly. As far as I understand you should be able to cater just 
for passive ftp.

@Arnd-Hendrik
I am not opening the high ports on the ftp server box. The (passive) ftp client 
sends the first request from a highport to port 21 on the server box. Have a 
look at the diagrams at slacksite. Which helper module do you refer to?

@Martijn
Your hint pointing to ip_conntrack_ftp lead to the solution. lsmod showed me 
that the module had not been loaded. After loading my ruleset worked and the 
clients could ftp properly.

Rebooting the bridge box left me again with an unloaded ip_conntrack_ftp. So I 
made an entry in /etc/modules which caters for the module to be loaded on 
(re)boot. Strange thing that, because other modules related to iptables are 
being loaded automatically, although they are not compiled into the kernel too. 
Are there other "surprise"-modules that have to be loaded via /etc/modules?

cu
Jo

_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192