[Q] iptables, rules for FTP-server

I have not worked with the dial-up interface, but I use my firewall for stateful packet inspection using iptables. I'm not sure what you're asking, but if you're running an FTP server on another box you will need to destination-NAT that box using DNAT --to (ip address), i.e.:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j DNAT --to 192.168.1.68
Reply to
moomba

Hello,

I'm just done setting up the firewall for a machine that acts as a masquerading proxy and an FTP server. Unfortunately I'm far from a pro in this area, so I'd like to ask here whether what I have done for the FTP part is okay or whether I messed up. Masquerading works, by the way, so there should at least be _some_ hope left :-)

$EXTIF points to my ppp0; ppp0 gets a new dynamic IP each time I dial in.

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 21 -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A INPUT -i $EXTIF -p tcp --sport 1024: --dport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport 1024: --sport 20 -m state --state ESTABLISHED -j ACCEPT

$IPTABLES -A INPUT -i $EXTIF -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT

Thanks!

Reply to
Whatnot
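A corrected version of the rules in the post above, added here as an example and not part of the original post. It keeps the poster's $IPTABLES/$EXTIF variables and adds what those rules are missing: the FTP conntrack helper (without it nothing is ever classified RELATED, and on kernels since 4.7 the helper has to be bound explicitly with the CT target in the raw table), and an OUTPUT rule that lets the server's own active-mode data connection leave from port 20 (the first packet of that connection is RELATED, not ESTABLISHED, so an ESTABLISHED-only rule drops it). The passive-mode port range, the default interface name and the internal host address used by the DNAT variant from the first reply (192.168.1.68) are assumptions; the DNAT variant also assumes the box's existing masquerading rule handles the internal host's outbound traffic. Setting IPTABLES=echo prints the commands instead of installing them.

```shell
#!/bin/sh
# Stateful iptables rules for an FTP server, in the same $IPTABLES/$EXTIF
# style as the post above.  "sh ftp-rules.sh apply" installs them;
# "IPTABLES=echo sh ftp-rules.sh apply" prints them instead.
IPTABLES=${IPTABLES:-iptables}
EXTIF=${EXTIF:-ppp0}
# Passive-mode data ports.  Assumed values: the ftpd must be configured to use
# the same range (for vsftpd: pasv_min_port / pasv_max_port).
PASV_MIN=${PASV_MIN:-49152}
PASV_MAX=${PASV_MAX:-49200}
# Internal FTP host for the DNAT variant (address taken from the first reply).
FTP_HOST=${FTP_HOST:-192.168.1.68}

helper_rules() {
    # Without the FTP conntrack helper, data connections are never RELATED.
    modprobe nf_conntrack_ftp
    modprobe nf_nat_ftp          # only needed when the server sits behind DNAT
    # Kernels since 4.7 no longer attach helpers automatically; bind the ftp
    # helper to control connections explicitly in the raw table.
    $IPTABLES -t raw -A PREROUTING -i "$EXTIF" -p tcp --dport 21 -j CT --helper ftp
}

ftp_rules() {
    # Control connection (port 21): the only place NEW is needed.
    $IPTABLES -A INPUT  -i "$EXTIF" -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPTABLES -A OUTPUT -o "$EXTIF" -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
    # Active mode: the SERVER opens the data connection from port 20, so the
    # outgoing SYN is RELATED (helper expectation), not ESTABLISHED.
    $IPTABLES -A OUTPUT -o "$EXTIF" -p tcp --sport 20 -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT  -i "$EXTIF" -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
    # Passive mode: the client opens the data connection to a port in the
    # passive range; that incoming SYN is RELATED.  No need to open all of 1024:.
    $IPTABLES -A INPUT  -i "$EXTIF" -p tcp --dport "$PASV_MIN:$PASV_MAX" -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPTABLES -A OUTPUT -o "$EXTIF" -p tcp --sport "$PASV_MIN:$PASV_MAX" -m state --state ESTABLISHED -j ACCEPT
}

ftp_dnat_rules() {
    # Variant from the first reply: the FTP server is on another box behind
    # this one.  nf_nat_ftp rewrites the addresses inside PORT/PASV so data
    # connections reach the internal host; FORWARD then only needs RELATED.
    $IPTABLES -t nat -A PREROUTING -i "$EXTIF" -p tcp --dport 21 -j DNAT --to-destination "$FTP_HOST"
    $IPTABLES -A FORWARD -i "$EXTIF" -p tcp -d "$FTP_HOST" --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i "$EXTIF" -p tcp -d "$FTP_HOST" -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPTABLES -A FORWARD -o "$EXTIF" -p tcp -s "$FTP_HOST" -m state --state RELATED,ESTABLISHED -j ACCEPT
}

case "${1:-}" in
    apply)      helper_rules; ftp_rules ;;
    apply-dnat) helper_rules; ftp_dnat_rules ;;
    *)          echo "usage: $0 apply|apply-dnat   (set IPTABLES=echo to preview)" >&2 ;;
esac
```

The design point is that only the control connection ever needs NEW; every data connection, active or passive, local or DNATed, is accounted for by the helper as RELATED and then ESTABLISHED, which is what lets the wide "--sport 1024: --dport 1024:" rules from the post be dropped. If the ftpd's passive range and PASV_MIN/PASV_MAX disagree, passive transfers hang after the 227 reply, which is the first thing to check.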

If you are clueless, just keep away from offering a public FTP service. Your box can be abused for criminal activities, and they might just blame it on you.

Wolfgang

Reply to
Wolfgang Kueter

Thanks, but I do run the FTP server on the same box that is "connected to the ISP". Do I understand it right that in my case NAT isn't necessary?

I was asking because in my first attempt, client machines "on the internet" could not connect to my FTP server. Only then did I realize that I had better add some rules to allow traffic for the FTP server.

Reply to
Whatnot

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.