
Re: no scp or ftp



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Strasheim wrote:
> Aloha
> 
> I have a single interface and do the following iptables commands;
> everything works as it should (there are some more services with UDP)
> 
> iptables -N allowed
> iptables -A allowed -j ACCEPT
> iptables -A INPUT -p TCP --dport 22 -j allowed
> iptables -A INPUT -p TCP --dport 21 -j allowed
> iptables -A INPUT -p UDP --dport 68 -j allowed
> iptables -A INPUT -m state --state RELATED -j allowed
> iptables -A INPUT -m state --state ESTABLISHED -j allowed
> iptables -A INPUT -j DROP
> 
> I can also log in per ssh and connect to ftp, but scp and ftp auth don't work.
> I understand that they talk about a new port and that the firewall doesn't see
> the exchange of that data and therefore can't set the state engine to related or established.
> For ftp I loaded the connection tracking module ... (I know it's for nat but I hoped :) ) but it didn't work.

Not sure I understand. scp only uses tcp/22. It doesn't use a data port
like ftp. I would expect that scp would work fine. How 'bout a -j LOG
statement right before the DROP to see what's being dropped.


/phil

-----BEGIN PGP SIGNATURE-----
Comment: Public Key: http://www.dyermaker.org/gpgkey.asc

iD8DBQFB+vmK0q9tKssDeQcRAu5+AJ0X+NGTHy6i6XkNRfNB275vNdiTawCcCSWs
nm98Q31csLoZS1BUasr99lE=
=utx6
-----END PGP SIGNATURE-----
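Phil's suggestion, a `-j LOG` rule placed right before the final `DROP`, writes one kernel log line per dropped packet in the usual `IN=... SRC=... PROTO=... SPT=... DPT=...` form. The following script is an added example, not code from the thread; it parses such lines and answers the two questions the LOG rule is there for: which protocol/port pairs the DROP rule is eating, and which dropped packets are fresh connection attempts (SYN without ACK) that the RELATED/ESTABLISHED rules did not recognise. The sample log lines, the hosts in them and the `INPUT-DROP: ` prefix (assumed to have been set with `--log-prefix`) are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample kernel log lines, in the format a rule such as
#   iptables -A INPUT -j LOG --log-prefix "INPUT-DROP: "
# placed before the DROP would produce. Hosts are documentation addresses;
# the prefix is an assumption for this example, not something from the thread.
SAMPLE_LOG = """\
Jan 28 10:01:02 host kernel: INPUT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=41234 DPT=50123 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 28 10:01:03 host kernel: INPUT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1235 DF PROTO=TCP SPT=41235 DPT=50123 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 28 10:01:05 host kernel: INPUT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=9 PROTO=TCP SPT=443 DPT=22 WINDOW=0 RES=0x00 ACK RST URGP=0
Jan 28 10:01:07 host kernel: INPUT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=78 TOS=0x00 PREC=0x00 TTL=50 ID=10 PROTO=UDP SPT=5353 DPT=5353 LEN=58
Jan 28 10:01:08 host kernel: unrelated message that the parser must skip
"""

# KEY=value tokens as the LOG target prints them; the value may be empty (OUT=).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line, prefix="INPUT-DROP: "):
    """Return a dict for one LOG line carrying our prefix, or None otherwise."""
    pos = line.find(prefix)
    if pos < 0:
        return None
    body = line[pos + len(prefix):]
    fields = {}
    for key, value in FIELD_RE.findall(body):
        # LEN and ID appear twice for UDP/ICMP (IP header, then payload header);
        # keep the first, which is the IP-header value.
        fields.setdefault(key, value)
    # TCP flags are printed as bare tokens, not KEY=value pairs.
    flags = {tok for tok in body.split() if tok in TCP_FLAGS}

    def port(name):
        return int(fields[name]) if name in fields else None

    return {
        "in": fields.get("IN"),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "spt": port("SPT"),
        "dpt": port("DPT"),
        "flags": flags,
    }


def parse_log(text, prefix="INPUT-DROP: "):
    """Parse every line of a log excerpt, skipping lines without the prefix."""
    records = (parse_log_line(line, prefix) for line in text.splitlines())
    return [r for r in records if r is not None]


def summarize_drops(records):
    """Count dropped packets per (protocol, destination port)."""
    return Counter((r["proto"], r["dpt"]) for r in records)


def new_inbound_connections(records):
    """Dropped TCP packets with SYN set and ACK clear: connection attempts that
    neither the explicit port rules nor the RELATED/ESTABLISHED rules matched."""
    return [
        r for r in records
        if r["proto"] == "TCP" and "SYN" in r["flags"] and "ACK" not in r["flags"]
    ]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (proto, dpt), n in summarize_drops(recs).most_common():
        print(f"{n:4d}  {proto} dpt={dpt}")
    for r in new_inbound_connections(recs):
        print(f"new connection attempt {r['src']}:{r['spt']} -> {r['dst']}:{r['dpt']}")
```

Run it against `/var/log/kern.log` (or `dmesg` output) instead of `SAMPLE_LOG` once the LOG rule is in place. In the constructed sample, the two dropped SYNs from the ftp client to an unprivileged port are the pattern to look for: a passive-mode ftp data connection arrives as a new inbound connection to a high port, and it only matches the `RELATED` rule if the connection-tracking ftp helper has seen the PASV exchange on the control channel. Phil's expectation for scp holds here too: a single ssh session never produces such a line, because everything stays on tcp/22 and is ESTABLISHED.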


