
Re: rules for FTP access



Fabrizio,

Try adding this:

modprobe ip_conntrack_ftp

iptables -A INPUT -i eth2 -s 192.168.3.0/24 -p tcp --dport 21 -m state --state NEW -j ACCEPT



On Wed, 2005-08-31 at 15:07 +0200, Fabrizio Sannicolo' wrote:
> dear Sir/Madam,
> 
> I have a linux box (sarge) as router/firewall in my organization. At the
> moment that Linux box has 3 ethernet cards as follows:
> 
> eth0 with public IP
> eth1 private subnet
> eth2 DMZ and WiFi
> 
> I use iptables to forward traffic from Intranet to Internet and
> vice versa using a rule such as
> 
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $SERV_EXT
> 
> I also enable specific services with rules such as
> 
> iptables -A INPUT -i eth2 -s 192.168.3.0/24 -p tcp --dport 22 -m state --state NEW -j ACCEPT
> 
> or
> 
> iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -m state --state NEW -j ACCEPT
> 
> for any chain I let ESTABLISHED and RELATED connection...
> 
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> 
> and, at the end of each chain (INPUT, OUTPUT and FORWARD), I put
> 
> iptables -A INPUT -j DROP
> 
> my problem is that I am not able to enable ftp connections ...
> 
> Could you help me, please?
> 
> thanks, fabrizio.
> 
> 
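
Added example, not part of the original messages: a simplified Python model of what the FTP connection-tracking helper loaded by `modprobe ip_conntrack_ftp` contributes. It reads the PORT command or 227 reply on the control channel and records the announced data endpoint, so the data connection matches the existing ESTABLISHED,RELATED rule instead of the final DROP. Function names and sample lines are constructed for illustration; the real helper runs in the kernel and also checks direction and addresses.

```python
import re

# Constructed sample control-channel lines (not captured traffic).
SAMPLE_CONTROL = [
    "USER anonymous",
    "PORT 192,168,3,10,195,80",                        # active mode, sent by client
    "227 Entering Passive Mode (192,168,3,1,78,52).",  # passive mode, sent by server
]

# h1,h2,h3,h4,p1,p2 as used by both PORT and the 227 reply
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def expected_endpoint(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _TUPLE.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed tuple: record nothing
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]

def build_expectations(control_lines):
    """Set of data endpoints the helper would expect (hypothetical model)."""
    return {ep for ep in map(expected_endpoint, control_lines) if ep}

def classify_syn(dst_ip, dst_port, expectations):
    """State of a connection's first packet: RELATED if expected, else NEW."""
    return "RELATED" if (dst_ip, dst_port) in expectations else "NEW"

def verdict(dst_ip, dst_port, expectations):
    """Thread's policy, simplified: NEW only to port 21, RELATED accepted, else DROP."""
    state = classify_syn(dst_ip, dst_port, expectations)
    if state == "RELATED" or dst_port == 21:
        return "ACCEPT"
    return "DROP"

if __name__ == "__main__":
    with_helper = build_expectations(SAMPLE_CONTROL)
    for name, exp in (("helper loaded", with_helper), ("no helper", set())):
        print(name, "control:", verdict("192.168.3.1", 21, exp),
              "data:", verdict("192.168.3.1", 20020, exp))
```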


