Re: Question on Internet access of vsftp server

On December 20, 2003 03:11 pm, Bob Smith wrote:

> I need to figure that out.  Would this work:
> -A <INPUT_RULE> -p tcp -m tcp --dport 0:1023 --syn -j ACCEPT
> or should I go with:
> *filter
>
> :INPUT ACCEPT [0:1023]
> :FORWARD ACCEPT [0:1023]
> :OUTPUT ACCEPT [0:1023]
>
> Right now my tables look like:
> *filter
>
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :<INPUT_RULE> - [0:0]
>
> -A INPUT -j <INPUT_RULE>
> -A FORWARD -j <INPUT_RULE>
> -A <INPUT_RULE> -p tcp -m tcp --dport 20 --syn -j ACCEPT
> -A <INPUT_RULE> -p tcp -m tcp --dport 21 --syn -j ACCEPT
> ... opening rules
> -A <INPUT_RULE> -p tcp -m state --state NEW,INVALID,ESTABLISHED,RELATED
> -i eth0 --dport 20:21 -j LOG --log-prefix "NetF FTP Failure: "
> <reject rules>
> ... with my other specific port openings and closing rules.  I thought I
> would try to catch any messages for the two FTP ports.


Have you tried "iptables -L -n" to see what your fw is doing? I can't really 
follow the syntax as it is mostly from the gui tool 
(redhat-config-securitylevel ?). 


> Actually, I don't have an /etc/inetd.d folder, but I do have an init.d,
> which is where I found the vsftpd file that it appears /sbin/service
> uses.  It doesn't mention stream in it.

Interesting, it does not run as an inetd service!
WOOPS, now I see the problem, I am leading you astray, it is xinetd now, not 
inetd, so the dir where your telnet, and normally ftpd reside is 
/etc/xinetd.d/ 

> I have temporarily released the system's firewall block on telnet, and
> cannot access the telnet port.  I have also just checked, and I cannot

Is the telnet daemon listening? (usually it would be started via xinetd)


You may need to allow sendmail & telnet in tcpwrappers (sendmail in RH's rpm 
is compiled against tcpwrappers so you may be having issues there as well). But 
that happens after the firewall and will send back an error to the client, 
usually like access denied, before you even get a prompt. I presume you are 
simply not connecting at all as far as the client is concerned.


>
> The system connects to a switch which is then connected to the DSL modem
> for its Internet connection.  There is another network that also runs
> off that same switch, but there is nothing from that other network which
> connects to my network, nor is there any other network element between
> the system and the modem, other than the cables...  :-)

Did you try an ftp from that other network? You may need to add a route, but 
at least your ISP won't be involved.

>
> I am unable to locate any logging messages regarding vsftpd in
> /var/log/messages.  I'm not able to locate any messages in
> /var/log/messages, or any other log, with a grep for NetF, as set up in
> iptables for that rule to log anything incoming on port 21.

Make sure there is a log entry before any other accept rules. Maybe someone 
else that reads this and uses the same tool as originally set these up, can 
comment on the iptables rules you have listed.

-- 
Pete Nesbitt, rhce
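The ordering point in the reply (the LOG entry has to come before the ACCEPT rules it is meant to observe) as a toy first-match model of the quoted ruleset; this is an added example, not code from the thread. It ignores the -i eth0 and state matches, and the final REJECT stands in for the quoted "<reject rules>" (an assumption).

```python
"""Toy model of netfilter first-match evaluation (constructed example).
A LOG rule placed after the ACCEPT rules for ports 20/21 never records an
incoming FTP SYN: ACCEPT terminates the walk, LOG does not."""

def rule(target, dports=None, syn=False, prefix=""):
    """One tcp rule: optional --dport range and --syn, as in the quoted lines."""
    return {"target": target, "dports": dports, "syn": syn, "prefix": prefix}

def matches(r, pkt):
    if r["dports"] and not (r["dports"][0] <= pkt["dport"] <= r["dports"][1]):
        return False
    return not r["syn"] or pkt["syn"]

def walk(chains, name, pkt, log):
    """Evaluate one chain; None at the end means RETURN to the caller."""
    for r in chains[name]:
        if not matches(r, pkt):
            continue
        t = r["target"]
        if t == "LOG":                       # LOG never terminates the walk
            log.append(f"{r['prefix']}dport={pkt['dport']} syn={pkt['syn']}")
        elif t in chains:                    # jump into a user-defined chain
            verdict = walk(chains, t, pkt, log)
            if verdict is not None:
                return verdict
        else:                                # ACCEPT / REJECT / DROP end it
            return t
    return None

def filter_packet(user_chain, pkt, policy="ACCEPT"):
    """Mirror the quoted layout: INPUT jumps to the user chain, policy ACCEPT."""
    chains = {"INPUT": [rule("INPUT_RULE")], "INPUT_RULE": user_chain}
    log = []
    verdict = walk(chains, "INPUT", pkt, log)
    return (verdict or policy), log

LOG_FTP = rule("LOG", (20, 21), prefix="NetF FTP Failure: ")
ACCEPTS = [rule("ACCEPT", (20, 20), syn=True), rule("ACCEPT", (21, 21), syn=True)]
REJECT_ALL = rule("REJECT")                      # stand-in for "<reject rules>"

AS_POSTED = ACCEPTS + [LOG_FTP, REJECT_ALL]      # LOG after the ACCEPTs
LOG_FIRST = [LOG_FTP] + ACCEPTS + [REJECT_ALL]   # LOG before any ACCEPT

if __name__ == "__main__":
    syn21 = {"dport": 21, "syn": True}
    print(filter_packet(AS_POSTED, syn21))   # ('ACCEPT', [])  nothing logged
    print(filter_packet(LOG_FIRST, syn21))   # ('ACCEPT', ['NetF FTP Failure: dport=21 syn=True'])
```

With the rules as posted, the only FTP packets that can reach the LOG rule are non-SYN ones, which then fall through to the reject.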


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
