Active FTP -> NAT Firewall?????
From: Winky (embree@speakeasy.net) Date: 03/27/02
From: Winky <embree@speakeasy.net> Date: Wed, 27 Mar 2002 08:37:29 -0500
I'm new to firewalls and iptables...
I cannot communicate w/ ftp from behind my NAT firewall to a remote
server that uses only active mode. Any attempt to ftp defaults to
passive and of course is not accepted on the other end. I'm running
Redhat 7.2 w/ Kernel 2.4.16 and iptables 1.2.6a. Below are my simplistic
iptables settings (remember this is new to me). The ip_nat_ftp and
ip_conntrack_ftp modules are both loaded.
To my understanding active ftp will have the server initiate a tcp
connection on port 20 for the flow of data. How do I accept just this
connection and not any other unwanted connections?
iptables -t filter -P INPUT ACCEPT
# REJECT is not accepted as a chain policy (only ACCEPT or DROP); DROP gives the intended default-deny
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -A INPUT -i eth0 -p tcp --syn --destination-port 22 -j ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A INPUT -i eth1 -j ACCEPT
iptables -t filter -A INPUT -p tcp --syn -j DROP
iptables -t filter -A INPUT -p udp -j DROP
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I'd much appreciate any help, advice or corrections to false
understandings that anyone can supply me. Thanks.
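As an added example (not part of the original post), here is the same rule set with a connection-tracking rule placed ahead of the catch-all SYN drop, so the loaded ftp helper can admit the server's port-20 data connection as RELATED while every other unsolicited inbound SYN is still dropped; FORWARD rules for LAN clients are included on the same principle. It assumes eth0 is the Internet side and eth1 the LAN as in the post, and that DRY_RUN=1 (the default) prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not the poster's script. Requires ip_conntrack_ftp and
# ip_nat_ftp loaded (as in the post) so the PORT command is parsed and the
# server's port-20 SYN to the announced client port is classified RELATED.
WAN=${WAN:-eth0}          # assumed: Internet-facing interface
LAN=${LAN:-eth1}          # assumed: LAN interface
DRY_RUN=${DRY_RUN:-1}     # 1 = print commands, 0 = execute them (as root)

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

ftp_rules() {
    ipt -t filter -F
    ipt -t nat -F
    ipt -t filter -P INPUT ACCEPT
    ipt -t filter -P FORWARD DROP      # REJECT is not valid as a policy
    ipt -t filter -P OUTPUT ACCEPT
    ipt -A INPUT -i "$WAN" -p tcp --syn --dport 22 -j ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -i "$LAN" -j ACCEPT
    # Replies to our own sessions and helper-expected data connections are
    # RELATED/ESTABLISHED; this must precede the catch-all SYN drop.
    ipt -A INPUT -i "$WAN" -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -A INPUT -p tcp --syn -j DROP
    ipt -A INPUT -p udp -j DROP
    # LAN clients: new sessions out, only tracked traffic back in.
    ipt -A FORWARD -i "$LAN" -o "$WAN" -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    ipt -A FORWARD -i "$WAN" -o "$LAN" -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

ftp_rules
```

Run with DRY_RUN=0 as root to apply; `iptables -L INPUT -n --line-numbers` then shows the state rule listed before the SYN drop.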