IPchains Troubles
From: none@nobody.net Date: 03/05/02
From: none@nobody.net Date: Tue, 05 Mar 2002 20:21:32 GMT
I am using a Linux 7.2 box set up with IPchains... I can't seem to FTP
properly from behind my firewall.
I keep getting "port errors" & "no port specified" when I try to FTP; see
below.
C:\>ftp
ftp> open
To ftp.whoever.net
Connected to flash.sonic.net.
220 flash FTP server ready.
User (ftp.whoever.net:(none)): myusername
331 Password required for myusername.
Password: can't tell er I'd have to kill ya
230 User myusername logged in. <------------------- so this part obviously works
ftp> cd ../../to the dir I want../../../
250 CWD command successful.
ftp> bi
200 Type set to I.
ftp> mput
Local files c:\New.zip
mput c:\New.zip? yes
500 Illegal PORT command.
503 No PORT command issued first.
ftp>
I've used FTP a decent amount and have never seen this error...
I just went through a few days ago and "tightened" my IPchains... this is
what they look like.
Firewall has 3 interfaces....eth0(outside/untrusted) eth1(inside/trusted)
eth2(inside/trusted):
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 1 -j icmp
-A input -s 0.0.0.0/0.0.0.0 -d [myextip]--dport 864 -p udp -l -j REJECT
-A input -s 0.0.0.0/0.0.0.0 -d [myextip]--dport 6000 -p tcp -l -j REJECT
-A input -s [myDNSserver1] -d 0/0 -p udp -j ACCEPT
-A input -s [myDNSserver2] -d 0/0 -p udp -j ACCEPT
-A icmp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A input -i eth1 -s 172.16.0.0/24 -d 0.0.0.0/0 -j ACCEPT
-A input -i eth2 -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT
-A input -i eth0 -s 172.16.0.0/24 -d 0.0.0.0/0 -l -j REJECT
-A input -i eth0 -s 192.16.0.0/24 -d 0.0.0.0/0 -l -j REJECT
-A input -i eth0 -s 0.0.0.0/0 -d [myextip] -j ACCEPT <------ I'm still trying to figure out the validity of this one = seems like "ALLOW everyone in from my ext interface"... not sure
-A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
-A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
-A output -i eth1 -s 0.0.0.0/0 -d 172.16.0.0/24 -j ACCEPT
-A output -i eth2 -s 0.0.0.0/0 -d 192.168.0.0/24 -j ACCEPT
-A output -i eth0 -s 0.0.0.0/0 -d 172.16.0.0/24 -l -j REJECT
-A output -i eth0 -s 0.0.0.0/0 -d 192.168.0.0/24 -l -j REJECT
-A output -i eth0 -s 172.16.0.0/24 -d 0.0.0.0/0 -l -j REJECT
-A output -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0 -l -j REJECT
-A output -i eth0 -s [myextip] -d 0.0.0.0/0 -j ACCEPT
-A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
-A output -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
-A forward -i eth0 -s 172.16.0.1/24 -d 0.0.0.0/0 -j MASQ
-A forward -i eth0 -s 192.168.0.1/24 -d 0.0.0.0/0 -j MASQ
-A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
Soooo... if you managed to get this far, can you tell from the above ruleset
why I can't FTP?
Thanks for your time in advance....
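Added example (not from the original post) of the server-side check behind a "500 Illegal PORT command" reply: an active-mode FTP server compares the address in the client's PORT command with the peer of the control connection, and a private address that reached the server unmodified through a masquerading firewall fails that check, whereas an address rewritten by the firewall's FTP helper passes. The addresses 172.16.0.5 and 203.0.113.7 and the ports are constructed sample values.

```python
import re

# RFC 959 PORT syntax: six decimal byte values, h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port_command(line):
    """Decode a PORT command into (ip, port); None if it is malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    fields = [int(x) for x in m.group(1).split(",")]
    if max(fields) > 255:
        return None  # each field is a single byte
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def check_port_command(line, control_peer_ip):
    """Mimic the sanity check many FTP servers apply to PORT: the data
    address must equal the control connection's peer and the port must be
    unprivileged. Returns (reply_code, reply_text)."""
    parsed = parse_port_command(line)
    if parsed is None:
        return 501, "Syntax error in parameters or arguments."
    ip, port = parsed
    if ip != control_peer_ip or port < 1024:
        # This is the case a masqueraded client hits when its PORT still
        # carries its private 172.16.x.x address instead of the firewall's.
        return 500, "Illegal PORT command."
    return 200, "PORT command successful."


def masq_rewrite_port(external_ip, new_port):
    """Build the PORT line a masquerading FTP helper substitutes so the
    server sees the firewall's public address and a port it will forward."""
    octets = external_ip.split(".")
    return f"PORT {','.join(octets)},{new_port // 256},{new_port % 256}"


if __name__ == "__main__":
    # Client at 172.16.0.5 behind the firewall; server sees peer 203.0.113.7
    raw = "PORT 172,16,0,5,4,1"
    print(raw, "->", check_port_command(raw, "203.0.113.7"))
    fixed = masq_rewrite_port("203.0.113.7", 61001)
    print(fixed, "->", check_port_command(fixed, "203.0.113.7"))
```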