iptables and proftpd
Hi all,
I have a little problem with my proftpd server and my firewall
I have a sarge box, kernel 2.4.19 (custom).
I have opened the two ports 20 and 21, but when someone tries to connect to it
he can't get the file list.
iptables rules:
# ftp
iptables -A server-in -m state --state NEW,ESTABLISHED -p tcp --dport ftp -j ACCEPT
iptables -A server-in -m state --state NEW,ESTABLISHED -p tcp --sport ftp -j ACCEPT
iptables -A server-out -m state --state NEW,ESTABLISHED -p tcp --dport ftp -j ACCEPT
iptables -A server-out -m state --state NEW,ESTABLISHED -p tcp --sport ftp -j ACCEPT
# ftp-data
iptables -A server-in -m state --state NEW,ESTABLISHED -p tcp --dport 20 -j ACCEPT
iptables -A server-in -m state --state NEW,ESTABLISHED -p tcp --sport 20 -j ACCEPT
iptables -A server-out -m state --state NEW,ESTABLISHED -p tcp --dport 20 -j ACCEPT
iptables -A server-out -m state --state NEW,ESTABLISHED -p tcp --sport 20 -j ACCEPT
I have tried this:
# ftp
iptables -A server-in -p tcp --dport 21 -j ACCEPT
iptables -A server-in -p tcp --sport 21 -j ACCEPT
iptables -A server-out -p tcp --dport 21 -j ACCEPT
iptables -A server-out -p tcp --sport 21 -j ACCEPT
# ftp-data
iptables -A server-in -p tcp --dport 20 -j ACCEPT
iptables -A server-in -p tcp --sport 20 -j ACCEPT
iptables -A server-out -p tcp --dport 20 -j ACCEPT
iptables -A server-out -p tcp --sport 20 -j ACCEPT
In fact, in a shell everything's working, but if I use mc or mozilla, I
can't list the files.
iptables logs for mc:
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49345 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49346 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49347 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49348 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0
iptables logs for mozilla:
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49569 DF PROTO=TCP SPT=38320 DPT=32794 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49570 DF PROTO=TCP SPT=38320 DPT=32794 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49571 DF PROTO=TCP SPT=38320 DPT=32794 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49572 DF PROTO=TCP SPT=38320 DPT=32794 WINDOW=5840 RES=0x00 SYN URGP=0
Why do mozilla or mc try to connect on port 3279X?
Thanks for your help,
yoann
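An added example, not part of yoann's post, showing the usual fix for this symptom. mc and mozilla use passive FTP: after the client sends PASV, the server replies with a high port it has chosen (the 3279X ports in the log, from the 2.4 kernel's ephemeral range 32768-61000) and the client opens a second connection to it; none of the posted rules accept a NEW connection to such a port, so the directory listing never arrives. The command-line ftp client defaults to active mode, where the server connects back from port 20 to the client, which the posted rules do allow, hence "in a shell everything's working". The script below pins proftpd's passive ports to a fixed range with the PassivePorts directive and emits matching rules for the post's server-in/server-out chains. The range 49152-49200, the dry-run IPT variable and the helper function names are assumptions, not anything from the post or from proftpd; the log line it parses is the first rejected SYN quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): let passive-mode FTP data
# connections through iptables without opening the whole ephemeral range.
#
# Assumptions (not in the original post):
#   - proftpd.conf gets a fixed PassivePorts range, here 49152-49200
#   - the server's chains are server-in / server-out as in the post
#   - IPT defaults to "echo iptables", so by default this is a dry run;
#     run with IPT=iptables as root to actually load the rules

PASV_LO=49152
PASV_HI=49200
IPT=${IPT:-"echo iptables"}

# proftpd.conf directive pinning PASV data ports to PASV_LO-PASV_HI
proftpd_passive_conf() {
    printf 'PassivePorts %s %s\n' "$PASV_LO" "$PASV_HI"
}

# Rules: replies to existing connections, the control channel, the pinned
# passive range, and the active-mode data connection the server itself opens
# from port 20. Deliberately no inbound "--sport 20/21 ... NEW -j ACCEPT":
# a client picks its own source port, so such rules are a filter bypass.
ftp_rules() {
    $IPT -A server-in  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A server-out -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A server-in  -p tcp --dport 21 -m state --state NEW -j ACCEPT
    $IPT -A server-in  -p tcp --dport "$PASV_LO:$PASV_HI" -m state --state NEW -j ACCEPT
    $IPT -A server-out -p tcp --sport 20 -m state --state NEW -j ACCEPT
}

# Extract the DPT=<n> field from an iptables LOG line
log_dport() {
    printf '%s\n' "$1" | sed -n 's/.*DPT=\([0-9][0-9]*\).*/\1/p'
}

# Succeed if port $1 lies inside the pinned passive range
in_passive_range() {
    [ "$1" -ge "$PASV_LO" ] && [ "$1" -le "$PASV_HI" ]
}

# Classify a rejected SYN from the log: would the rules above accept it?
classify_log_line() {
    port=$(log_dport "$1")
    if [ -z "$port" ]; then
        echo "no DPT found"
    elif [ "$port" -eq 21 ]; then
        echo "control connection"
    elif in_passive_range "$port"; then
        echo "passive data connection: accepted"
    else
        echo "passive data connection to unpinned port $port: rejected"
    fi
}

# First rejected SYN from the post: client 192.168.0.2 reaching for 32793,
# a port the server handed out in a PASV reply from the kernel's default range.
LINE='Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49345 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0'

main() {
    echo "# proftpd.conf:"
    proftpd_passive_conf
    echo "# iptables (dry run unless IPT=iptables):"
    ftp_rules
    echo "# log line from the post: $(classify_log_line "$LINE")"
}

main
```

Run it as root with `IPT=iptables sh ftp-rules.sh` to load the rules; without IPT set it only prints them. Two points worth noting. First, the posted server-in rules that accept NEW connections by `--sport ftp` or `--sport 20` let any remote host through the filter simply by binding its client socket to port 20 or 21, so they are omitted here. Second, the alternative to a pinned range is the kernel's FTP connection-tracking helper (`modprobe ip_conntrack_ftp` on a 2.4 kernel) together with an accept on `--state RELATED`, which parses PASV replies on the control channel and admits the expected data connection; a narrow, explicit PassivePorts range keeps the exposed ports visible in the ruleset and does not depend on a helper parsing untrusted traffic.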