
Re: rules for FTP access



Manuel Mely wrote:
>>my problem is that I am not able to enable ftp connections ...
> 
> 
> All you have to do is to permit ftp connections in your firewall ;)
> 
> iptables -A INPUT -i ??? -s ??? -p tcp --dport 20:21 -j ACCEPT 

but, once I have loaded the conntrack ftp modules and I want to permit ftp
client connections from my private subnet, which is behind eth1, to the
Internet through eth0, I should do:

iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 20:21 -j ACCEPT

is it right?

I am sorry, but it has not been long since I started playing with iptables and
firewalls... :-)

thanks, fabrizio.

> 
> Also, enable ip_nat_ftp module and ip_conntrack_ftp!
> 
> Regards
> Mely
> 
> 
> On Wed, 2005-08-31 at 15:07 +0200, Fabrizio Sannicolo' wrote:
> 
>>dear Sir/Madam,
>>
>>I have a linux box (sarge) as router/firewall in my organization. At the
>>moment that Linux box has 3 ethernet cards as follows:
>>
>>eth0 with public IP
>>eth1 private subnet
>>eth2 DMZ and WiFi
>>
>>I use iptables to forward traffic from the Intranet to the Internet and
>>vice versa using a rule such as
>>
>>iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $SERV_EXT
>>
>>I also enable specific services with rules such as
>>
>> -m state
>>--state NEW -j ACCEPT
>>
>>or
>>
>>iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -m state --state
>>NEW -j ACCEPT
>>
>>for any chain I let ESTABLISHED and RELATED connection...
>>
>>iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>>
>>and, at the end of each chain (INPUT, OUTPUT and FORWARD), I put
>>
>>iptables -A INPUT -j DROP
>>
>>my problem is that I am not able to enable ftp connections ...
>>
>>Could you help me, please?
>>
>>thanks, fabrizio.
>>
>>

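The ruleset below is an added example for the setup discussed in this thread (a Linux router with eth0 on the public side and eth1 on the private LAN, doing SNAT); it is not Fabrizio's or Mely's script. The LAN subnet 192.168.1.0/24 and the public address 203.0.113.10 are made-up values standing in for the poster's own, as are the helper-module fallbacks for current kernels. It shows the one point the thread circles around: with the FTP conntrack/NAT helper loaded, only the control connection to port 21 needs a NEW rule; the data connections (active or passive) are RELATED and ride on the ESTABLISHED,RELATED rule, so "--dport 20:21" is not needed.

```shell
#!/bin/sh
# Added example (not the original poster's script): iptables rules that let FTP
# clients on the private LAN (eth1) reach FTP servers on the Internet (eth0)
# through the SNAT router described in the thread.
#
# Assumptions not taken from the thread: 192.168.1.0/24 and 203.0.113.10 are
# made-up values; override them via the environment.  IPT=echo MODPROBE=echo
# gives a dry run that prints the commands instead of applying them.

IPT="${IPT:-iptables}"
MODPROBE="${MODPROBE:-modprobe}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SERV_EXT="${SERV_EXT:-203.0.113.10}"

load_ftp_helpers() {
    # The names used in the thread (ip_conntrack_ftp, ip_nat_ftp) are the
    # 2.4/early-2.6 modules; current kernels call them nf_conntrack_ftp and
    # nf_nat_ftp.  The NAT helper is what rewrites the private address inside
    # PORT/EPRT commands once the control connection is SNATed, so behind NAT
    # both modules are required, not just the conntrack one.
    $MODPROBE nf_conntrack_ftp 2>/dev/null || $MODPROBE ip_conntrack_ftp
    $MODPROBE nf_nat_ftp 2>/dev/null || $MODPROBE ip_nat_ftp
}

nat_rules() {
    # Same source-NAT rule the original poster already has.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to-source "$SERV_EXT"
}

ftp_client_rules() {
    # Since Linux 4.7 the kernel no longer attaches helpers automatically
    # (net.netfilter.nf_conntrack_helper defaults to 0), so bind the ftp helper
    # explicitly to the control connection; on older kernels this rule is
    # harmless.  Limiting it to port 21 from the LAN keeps the helper, which
    # parses untrusted FTP text, off every other flow.
    $IPT -t raw -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 21 -j CT --helper ftp

    # The control connection is the only one a client initiates, so only port
    # 21 needs a NEW rule.  "--dport 20:21" would also open port 20, which a
    # client never connects to: in active mode the server connects back from
    # port 20, and that SYN arrives on eth0, not eth1.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT

    # Data connections in both directions are classified RELATED by the helper
    # (active: server:20 -> client, passive: client -> server high port), so
    # this one rule admits them without opening any port range.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

default_drop() {
    # A chain policy instead of a trailing "-A FORWARD -j DROP" rule, so that a
    # rule appended later cannot accidentally land after the drop.
    $IPT -P FORWARD DROP
}

apply_all() {
    load_ftp_helpers
    default_drop
    nat_rules
    ftp_client_rules
}

# Usage: sh ftp-fw.sh apply                            (as root)
#        IPT=echo MODPROBE=echo sh ftp-fw.sh apply     (dry run)
if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```

The `-m conntrack --ctstate` match is the current spelling of the thread's `-m state --state`; both still work on today's iptables. If the rules look right but transfers still hang, check `cat /proc/net/nf_conntrack | grep ftp` (or `conntrack -L` on a box with the conntrack-tools) while a client is connected: the control entry should show `helper=ftp`, and the data connection should appear as an expectation rather than a dropped NEW flow.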