
rules for FTP access



Dear Sir/Madam,

I have a Linux box (sarge) as router/firewall in my organization. At the
moment that Linux box has 3 Ethernet cards as follows:

eth0 with public IP
eth1 private subnet
eth2 DMZ and WiFi

I use iptables to forward traffic from Intranet to Internet and
vice versa using a rule such as

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $SERV_EXT

I also enable specific services with rules such as

iptables -A INPUT -i eth2 -s 192.168.3.0/24 -p tcp --dport 22 -m state --state NEW -j ACCEPT

or

iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -m state --state NEW -j ACCEPT

For any chain I allow ESTABLISHED and RELATED connections...

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT


and, at the end of each chain (INPUT, OUTPUT and FORWARD), I put

iptables -A INPUT -j DROP

My problem is that I am not able to enable FTP connections ...

Could you help me, please?

thanks, fabrizio.
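
Added example, not part of the original post: FTP opens a separate data connection that the ESTABLISHED,RELATED rule only recognises once the FTP connection-tracking helper is loaded, so this sketch prints the helper modules and the single control-port rule that fit the ruleset above. It assumes clients on eth1 reaching servers through eth0, the standard control port 21, and the 2.4/2.6-era module names; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: FTP clients sit on
# eth1, servers are reached through eth0, control port is 21, and the kernel
# uses the module names ip_conntrack_ftp / ip_nat_ftp (later kernels call
# them nf_conntrack_ftp / nf_nat_ftp).

# Print the FTP-related commands.
# $1 = inside interface, $2 = outside interface,
# $3 = "live" to insert at the top of a running chain; the default appends,
#      for use inside the firewall script BEFORE the final "-j DROP" line.
ftp_rules() {
    lan_if=$1 wan_if=$2 mode=${3:-script}

    # Conntrack helper: reads PORT/PASV on the control channel and registers
    # the data connection as expected, so it shows up as RELATED, not NEW.
    echo "modprobe ip_conntrack_ftp"
    # NAT helper: rewrites the private address carried inside PORT commands,
    # needed because the box SNATs traffic leaving the outside interface.
    echo "modprobe ip_nat_ftp"

    if [ "$mode" = live ]; then
        op="-I FORWARD 1"
    else
        op="-A FORWARD"
    fi
    # Only the control connection needs its own NEW rule; data connections
    # are accepted by the existing ESTABLISHED,RELATED rule.
    echo "iptables $op -i $lan_if -o $wan_if -p tcp --dport 21 -m state --state NEW -j ACCEPT"
}

# Read a firewall script on stdin; return 0 if FORWARD already accepts
# RELATED traffic, which the helper depends on.
has_related_forward() {
    grep -Eq '^iptables .*-A FORWARD .*--state [A-Z,]*RELATED[A-Z,]* .*-j ACCEPT'
}

# Dry run by default: print the commands. APPLY=1 executes them (needs root).
if [ "${APPLY:-0}" = 1 ]; then
    ftp_rules eth1 eth0 live | sh -e
else
    ftp_rules eth1 eth0
fi
```

A rule appended with -A to an already loaded ruleset lands after the final DROP and never matches, which is why the live mode inserts at position 1 instead.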


