[tproxy] To overcome firewall reject rule

eric_chao at trend.com.tw eric_chao at trend.com.tw
Thu Aug 3 14:28:39 CEST 2006


Hi All,

I have a problem with my firewall settings.

Currently, tproxy cannot work with FTP in active mode.

In my firewall settings, I have
        ............
        # Allow packets that belong to tproxy pass.
        iptables -A INPUT -m tproxy -j ACCEPT    # Accept all traffic for tproxy??

        #### Default Drop everything in INPUT chain
        iptables -P INPUT DROP                   # NOTE the default DROP policy
        iptables -P OUTPUT ACCEPT
        .........

For Active FTP, my proxy server is listening on behalf of the connected
client but somehow the FTP server cannot connect back due to the
firewall DROP policy on INPUT.

What I want is to accept all tproxy traffic even with the default DROP
policy.
Will "iptables -A INPUT -m tproxy -j ACCEPT" impose any security
concerns?

Thanks very much for any help.

