iptables and FTP
From: charly (kanari_at_yahoo.fr)
Date: 05/14/03
- Previous message: sdawson_at_bluelime.ca: "Unix Administrator Contract Position - Ottawa"
- Next in thread: Alessandro Selli: "Re: iptables and FTP"
- Reply: Alessandro Selli: "Re: iptables and FTP"
- Reply: Julien Salgado: "Re: iptables and FTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 May 2003 11:52:12 +0200
Greetings,
My box runs a Linux distro, Mandrake.
I installed iptables and it works nearly ok :)
I cannot get the file list from FTP servers: I can login/pass but get a
connection timeout when trying to access the file list.
I think there must be something wrong in my script regarding the iptables
configuration:
#!/bin/sh
#Reset All rules
protec="/sbin/iptables"
$protec -t nat -F
$protec -t mangle -F
$protec -t filter -F
$protec -F INPUT
$protec -F OUTPUT
$protec -F FORWARD
$protec -Z INPUT
$protec -Z OUTPUT
$protec -Z FORWARD
#Default rule : no Input
$protec -P INPUT DROP
$protec -P OUTPUT ACCEPT
$protec -P FORWARD DROP
#-------------------------------------------------------------------------------
#open all doors for input from eth0
#$protec -A INPUT -i eth0 -j ACCEPT
#$protec -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Reminder
#53 DNS
#110 pop3
#119 news
#80 HTTP
#20 21 FTP
$protec -A INPUT -i eth0 --protocol tcp --source-port 80 -m state --state ESTABLISHED -j ACCEPT
$protec -A OUTPUT -o eth0 --protocol tcp --destination-port 80 -m state --state NEW,ESTABLISHED -j ACCEPT
$protec -A INPUT -i eth0 --protocol udp --source-port 53 -j ACCEPT
$protec -A OUTPUT -o eth0 --protocol udp --destination-port 53 -j ACCEPT
$protec -A INPUT -i eth0 --protocol tcp --source-port 53 -j ACCEPT
$protec -A OUTPUT -o eth0 --protocol tcp --destination-port 53 -j ACCEPT
$protec -A INPUT -p tcp -m multiport --sport 110,119,20,21 -j ACCEPT
$protec -A OUTPUT -o eth0 --protocol tcp --destination-port 25 -j ACCEPT
$protec -A OUTPUT -o eth0 --protocol tcp --destination-port 20 -j ACCEPT
$protec -A OUTPUT -o eth0 --protocol tcp --destination-port 21 -j ACCEPT
#Ping killer
$protec -A INPUT -p icmp --icmp-type 8 -j DROP
#-------------------------------------------------------------------------------
# Localhost is allowed both ways
$protec -A INPUT -i lo -j ACCEPT
$protec -A OUTPUT -o lo -j ACCEPT
#-------------------------------------------------------------------------------
#Allow ssh connections from outside
$protec -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
#$protec -A FORWARD -i eth1 -j ACCEPT
#$protec -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$protec -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#-------------------------------------------------------------------------------
# My ISP blocks incoming packets to port 80, so I want to be able to
# use my own machine as a web server
#$protec -t nat -A PREROUTING -p tcp --dport 1234 -j REDIRECT --to-ports 80
#$protec -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
echo "1" > /proc/sys/net/ipv4/ip_forward
#--- END OF SCRIPT ---
many thanks if someone can help me out :)
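What the commented-out ESTABLISHED,RELATED line in the script points toward, written out as an added example that is not part of charly's post or of the replies: a stateful ruleset plus the FTP connection-tracking helper. It assumes eth0 is the Internet-facing interface (as in the script) and that the helper modules exist under their 2.4 names (ip_conntrack_ftp, ip_nat_ftp) or their later names (nf_conntrack_ftp, nf_nat_ftp); IPT, MODPROBE and WAN are the example's own variables.

```shell
#!/bin/sh
# Added example (not from the post): stateful FTP rules for the script above.
# IPT, MODPROBE and WAN are this example's assumptions; WAN=eth0 matches the post.
IPT="${IPT:-/sbin/iptables}"
MODPROBE="${MODPROBE:-/sbin/modprobe}"
WAN="${WAN:-eth0}"

# Why a passive-mode listing times out with the script above: after "ls" the
# client (passive is the default for most FTP clients) opens a second TCP
# connection to an unprivileged port on the server. The server's replies come
# back on INPUT with a source port that matches none of the --sport 20,21,80,
# 53,... rules, so the INPUT DROP policy discards them and the listing hangs.
# Connection tracking admits the data channel without guessing its ports.
load_ftp_helpers() {
    # The FTP helper parses PORT/PASV on the control channel and marks the
    # data connection RELATED; the NAT helper also rewrites the address inside
    # those commands for masqueraded LAN clients. Module names differ between
    # 2.4 (ip_*) and later (nf_*) kernels, so try both.
    $MODPROBE nf_conntrack_ftp 2>/dev/null || $MODPROBE ip_conntrack_ftp
    $MODPROBE nf_nat_ftp       2>/dev/null || $MODPROBE ip_nat_ftp
}

# FTP client running on the firewall itself.
ftp_client_rules() {
    # Outbound control connection to port 21 (OUTPUT policy is ACCEPT in the
    # post, but an explicit rule keeps working if that policy is tightened).
    $IPT -A OUTPUT -o "$WAN" -p tcp --dport 21 -m state --state NEW -j ACCEPT
    # Control-channel replies and passive data replies are ESTABLISHED;
    # active-mode data connections from the server are RELATED (via helper).
    $IPT -A INPUT -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Masqueraded LAN clients behind the MASQUERADE rule in the post.
ftp_forward_rules() {
    $IPT -A FORWARD -o "$WAN" -p tcp --dport 21 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Usage: "sh ftp-rules.sh apply" loads the helpers and adds the rules (as root);
# "sh ftp-rules.sh dry-run" only prints the iptables commands it would execute.
case "${1:-}" in
    apply)   load_ftp_helpers; ftp_client_rules; ftp_forward_rules ;;
    dry-run) IPT=echo; ftp_client_rules; ftp_forward_rules ;;
esac
```

The original script's fixed-port INPUT rules for ports 80, 53 and 110/119/20/21 become unnecessary once the ESTABLISHED,RELATED rule is in place, since return traffic for every outbound connection is then matched by state rather than by source port.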