On Sun, 2 Feb 2003 16:58:24 -0500, gabriel wrote:
> On February 2, 2003 11:43 am, exits funnel wrote:
> > ipchains -I input -p tcp -s 192.145.23.101 --sport
> > 1:1024 -d 192.145.23.102 --dport 1:1024 -j ACCEPT
>
> i think the problem stems from the fact that you're only allowing
> unlimited traffic on unpriviledged ports (i can't spell). if you want
> to allow --complete-- communication between the two you should just
> remove the --sport xxx and --dport xxx requirements on your chain.
>
> it's just a guess, since i use iptables, not chains, but that's my
> best guess ;-).

Yes. And reply packets are not covered at all by that rule. And without
knowing the complete set of rules, one cannot comment on this single
rule anyway. The output of ipchains-save would be the least I would
like to see.

Btw, opening all privileged ports when in fact you want *just*
active/passive FTP (ports ftp and ftp-data) is a strange approach, too.

--
redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
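
Added example (not part of the original message): a small Python model of the stateless match in the posted rule, showing which packets between the two hosts it matches. The sample packets and the ports 40000/40001 are constructed; which host's input chain holds the rule is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    # Stateless match: all four fields must match this one packet.
    # There is no connection tracking, so replies need their own rule.
    src: str
    sports: range
    dst: str
    dports: range

    def mismatches(self, p):
        """Return the rule options the packet fails (empty list = rule matches)."""
        checks = {
            "-s": ip_address(p.src) == ip_address(self.src),
            "--sport": p.sport in self.sports,
            "-d": ip_address(p.dst) == ip_address(self.dst),
            "--dport": p.dport in self.dports,
        }
        return [opt for opt, ok in checks.items() if not ok]

# The rule quoted in the thread (ports 1:1024 inclusive).
POSTED = Rule("192.145.23.101", range(1, 1025), "192.145.23.102", range(1, 1025))

A, B = "192.145.23.101", "192.145.23.102"
# Constructed sample packets; 40000/40001 stand in for client ports above 1024.
SAMPLES = {
    "A->B, both ports low": Packet(A, 1000, B, 21),
    "reply B->A": Packet(B, 21, A, 1000),
    "FTP control from A": Packet(A, 40000, B, 21),
    "active FTP data from B": Packet(B, 20, A, 40001),
}

def evaluate(rule=POSTED, samples=SAMPLES):
    return {name: rule.mismatches(p) for name, p in samples.items()}

if __name__ == "__main__":
    # "no match" means the packet falls through to later rules or the chain policy.
    for name, failed in evaluate().items():
        print(f"{name:24} {'ACCEPT' if not failed else 'no match: ' + ', '.join(failed)}")
```

Only the first packet matches: the reply fails on -s and -d, and an FTP control connection from a client port above 1024 fails on --sport.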