Re: no scp or ftp
Mark Strasheim wrote:
> Aloha
>
> I have a single interface and do the following iptables commands;
> everything works as it should (there are some more services with UDP).
>
> iptables -N allowed
> iptables -A allowed -j ACCEPT
> iptables -A INPUT -p TCP --dport 22 -j allowed
> iptables -A INPUT -p TCP --dport 21 -j allowed
> iptables -A INPUT -p UDP --dport 68 -j allowed
> iptables -A INPUT -m state --state RELATED -j allowed
> iptables -A INPUT -m state --state ESTABLISHED -j allowed
> iptables -A INPUT -j DROP
>
> I can also log in via ssh and connect to ftp, but scp and ftp auth don't work.
> I understand that they talk about a new port and that the firewall doesn't see
> the exchange of that data and therefore can't set the state engine to related or established.
> For ftp I loaded the conntrack module ... (I know it's for NAT but I hoped :) ) but it didn't work.
Not sure I understand. scp only uses tcp/22. It doesn't use a data port
like ftp. I would expect that scp would work fine. How 'bout a -j LOG
statement right before the DROP to see what's being dropped.
/phil
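As an added example (not from the thread or either poster): a ruleset for the single-interface case above that loads the FTP conntrack helper so data connections arrive as RELATED, and puts a rate-limited LOG in front of the final DROP as Phil suggests. The raw-table `CT --helper` binding is needed on kernels from 4.7 on, where helpers are no longer attached automatically; the function names and the `APPLY` switch are my own.

```shell
#!/bin/sh
# Added example, not from the thread: INPUT policy for a single interface
# that lets the FTP conntrack helper mark data connections RELATED and logs
# what the final DROP discards. Assumes iptables with nf_conntrack_ftp.

# Print the ruleset rather than executing it, so it can be reviewed (and
# tested) without root; pipe the output into sh to apply it.
build_rules() {
    cat <<'EOF'
# Load the FTP helper: it reads the tcp/21 control channel and marks the
# negotiated data connection (active or passive) as RELATED.
modprobe nf_conntrack_ftp
# Since kernel 4.7 helpers are not attached automatically; bind it explicitly.
iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
iptables -F INPUT
iptables -N allowed 2>/dev/null || iptables -F allowed
iptables -A allowed -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Reply and helper-related traffic first; one rule covers both states.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j allowed
# ssh: scp runs inside the same tcp/22 session, so no extra port is needed.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j allowed
# ftp control channel; data channels arrive as RELATED through the helper.
iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j allowed
# DHCP client replies.
iptables -A INPUT -p udp --dport 68 -j allowed
# Log (rate limited) what is about to be dropped, then drop it.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
iptables -A INPUT -j DROP
EOF
}

# Helpers for checking the generated policy.
rule_count() { build_rules | grep -c '^iptables'; }
has_rule()   { build_rules | grep -Fq -- "$1"; }

# Apply only when root and APPLY=1 (hypothetical switch); otherwise print.
if [ "$(id -u)" -eq 0 ] && [ "${APPLY:-0}" = 1 ]; then
    build_rules | sh
else
    build_rules
fi
```

Dropped packets then show up in the kernel log with the `INPUT-DROP:` prefix, which is where a blocked FTP data connection would appear if the helper is not doing its job.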