Firewall blocking FTP

Ok. I goofed somewhere. I set up a firewall to do port forwarding, IP
masquerading, and port blocking. All seems to work fine, EXCEPT that I
cannot ftp. So how can I modify the rules shown below (from
iptables-save) to make port AND pasv ftp work? It only seems to be ftp.

Thanks!

--- Dan


# Generated by iptables-save v1.2.8 on Thu Sep 11 20:15:39 2003
*nat
:PREROUTING ACCEPT [1096:83209]
:POSTROUTING ACCEPT [1873:150574]
:OUTPUT ACCEPT [3386:269119]
-A PREROUTING -s ! 192.168.0.0/255.255.255.0 -p tcp -m multiport --dports 8021,8023,webcache,binkp,65535,3021 -j DNAT --to-destination 192.168.0.10
-A PREROUTING -s ! 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.0.10:8023
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Sep 11 20:15:39 2003
# Generated by iptables-save v1.2.8 on Thu Sep 11 20:15:39 2003
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [20509:13605663]
:OUTPUT ACCEPT [17786:3595002]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2064 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8021,8023,webcache,binkp,65535 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 137 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m multiport --dports smtp,ftp,telnet,ssh,sunrpc,8025,pgpkeyserver -j ACCEPT
-A INPUT -p tcp -m multiport --dports telnet,ssh,domain,nntp,ntp,printer,pop3,imap,http,https,netbios-ns,netbios-dgm,netbios-ssn,sunrpc -j ACCEPT
-A INPUT -p udp -m multiport --dports domain,ntp,router,netbios-ns,netbios-dgm,netbios-ssn -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m multiport --dports daytime,time,utime,timed -j ACCEPT
-A INPUT -p tcp -m tcp --dport 11370 -j ACCEPT
-A INPUT -i eth1 -p icmp -m limit --limit 3/sec -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-unreachable
COMMIT
# Completed on Thu Sep 11 20:15:39 2003
