[NCLUG] debugging ftp iptables
Matt Rosing
rosing at peakfive.com
Thu Jan 24 17:20:16 MST 2013
First of all, sorry about sending all the extra stuff in my last email.
Kind of like the first time I did mail with r instead of R, and it went
to the entire university. I've been very careful with reply all ever since.

Anyway, someone else pointed out to me that if a packet is fragmented
and the server doesn't like it, it will send back an ICMP packet with a
Too Big code. I don't think my firewall forwards ICMP packets. What is
involved in forwarding ICMP packets?

Currently my iptables has POSTROUTING MASQUERADE for all protocols but only
has PREROUTING DNAT for the TCP protocol. Should that be all protocols, too?

Also, my FORWARD chain accepts all protocols coming in from the outside
if they are RELATED, ESTABLISHED. Is it safe to assume that once my FTP
client starts talking to the server, the ICMP packet is part of the
connection?

Thanks,
Matt