[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sobre iptables com o ftp



Ficou faltando o módulo ip_conntrack_ftp
----- Original Message -----
From: "Rogério Neves Batata" <batata@pr.gov.br>
To: <debian-user-portuguese@lists.debian.org>
Sent: Wednesday, December 17, 2003 1:52 PM
Subject: Re: Sobre iptables com o ftp


On Wed, 17 Dec 2003 11:54:02 -0200
"Conrado" <conrado.debian@terra.com.br> wrote:

ipt_conntrack e ipt_state são fortes candidatos... :-)

Batata

#> Qual seria módulo, ou como fazer para abilitar isso?
#>
#> ----- Original Message -----
#> From: "Rogério Neves Batata" <batata@pr.gov.br>
#> To: <debian-user-portuguese@lists.debian.org>
#> Sent: Wednesday, December 17, 2003 11:48 AM
#> Subject: Re: Sobre iptables com o ftp
#>
#>
#> On Wed, 17 Dec 2003 11:47:48 -0200
#> "Conrado" <conrado.debian@terra.com.br> wrote:
#>
#> Você precisa ter o "state match support" habilitado, ou no caso,
#> carregado o módulo...
#>
#> #> Deu o seguinte erro
#> #> Bad argument `ESTABLISHED,RELATED'
#> #> Try `iptables -h' or 'iptables --help' for more information.
#> #>
#> #> Porque será eu dei antes um modprobe ip_nat_ftp
#> #> ----- Original Message -----
#> #> From: "Paulo Ricardo" <pauloric@contato.com.br>
#> #> To: <debian-user-portuguese@lists.debian.org>
#> #> Sent: Wednesday, December 17, 2003 11:34 AM
#> #> Subject: Re: Sobre iptables com o ftp
#> #>
#> #>
#> #> > Em Qua, 2003-12-17 às 10:42, Conrado escreveu:
#> #> > > Eu tenho aqui na firma um computador em linux que faz o
#> roteamento da
#> #> > > internet, mas infelizmente na minha máquina que tem esse
servidor
#> como
#> #> > > gateway eu não consiguo me conectar em ftp, eu gostaria de uma
#> #> > > resolução para esse problema ou que me explicassem o porque
#> disso.
#> #> > >
#> #> > > Eu tenho esse script para configurar o iptables:
#> #> > > #!/bin/bash
#> #> > > IPTABLES="/sbin/iptables"
#> #> > > INTRANET="192.168.0.0/16"
#> #> > >
#> #> > > # Habilitando forward
#> #> > > echo -ne "Habilitando ip_forward: "
#> #> > > echo 1 > /proc/sys/net/ipv4/ip_forward
#> #> > > echo "OK"
#> #> > >
#> #> > > # Limpa todo o filter
#> #> > > echo -ne "Limpando tabela filter: "
#> #> > > $IPTABLES -F > /dev/null
#> #> > > echo "OK"
#> #> > >
#> #> > > # Limpa tabela nat
#> #> > > echo -ne "Limpando tabela nat: "
#> #> > > $IPTABLES -t nat -F > /dev/null
#> #> > > echo "OK"
#> #> > >
#> #> > > # Muda o policy para drop
#> #> > > #echo -ne "Mudando o policy para drop: "
#> #> > > #$IPTABLES -P FORWARD DROP > /dev/null
#> #> > > #echo "OK"
#> #> > >
#> #> > > # Permite o forward para a rede local
#> #> > > echo -ne "Forward para a rede local: "
#> #> > > $IPTABLES -I FORWARD -s 192.168.0.0/16 -j ACCEPT > /dev/null
#> #> > > $IPTABLES -I FORWARD -d 192.168.0.0/16 -j ACCEPT > /dev/null
#> #> > > echo "OK"
#> #> > >
#> #> > > # Faz o masquerade
#> #> > > echo -ne "Masquerade: "
#> #> > > $IPTABLES -t nat -A POSTROUTING -s 0/0 -d 0/0 -j MASQUERADE >
#> #> > > /dev/null
#> #> > > echo "OK"
#> #> >
#> #> >
#> #> >
#> #> > heheheh vc não tem um firewall e sim um compartilhamento com a
#> Internet
#> #> > onde o mundo lá fora ( diga-se internet) enxerga toda a sua rede
#> #> > interna.......
#> #> >
#> #> > bem este é outro problema.
#> #> >
#> #> > o que falta é
#> #> >
#> #> >
#> #> > iptables -A FORWARD -m state ESTABLISHED,RELATED
#> #> > e subir os módulos de ip_nat_ftp
#> #> >
#> #> >
#> #> > []s
#> #> > >
#> #> > > Obrigado
#> #> > > Conrado
#> #> > --
#> #> > Paulo Ricardo Bruck - consultor
#> #> > Contato Global Solutions
#> #> > tel 011 5686-7977 011 5521-8049  cel 011 9235-4327
#> #> > R Bourbom, 56 04663-160  São Paulo SP
#> #> >
#> #> > -----BEGIN PGP PUBLIC KEY BLOCK-----
#> #> > Version: GnuPG v1.2.1 (GNU/Linux)
#> #> >
#> #> > mQGiBD7RFWcRBACHF98nLZGNU5wlLG+FMmpKFkagAW/dujJP/sETIMzgHSp25wWa
#> #> > H/37UItJ4m44Cose2jOHNiDjK8JqQ614HIS4SbXDJggxs07hrrCA1UxlSDtwhEvK
#> #> > jL7iFkUmt3oxCD+Z6bFfb+iWkqhKjSkMGZT6WMcOx5j4W7QwFAi7U655pwCgzbSA
#> #> > yw5jWt276+hqZMOw7GuoSrED/R9oGrvjJVRTBxj3/UXiKhqce/C5BXjLB2377Y/D
#> #> > n79XFhZGXp3D8rI7YgfmOB/JnvG5jJ/1LQE4Sac8RgL0Lr9B+v1TI8h4/TI5s0zH
#> #> > 8MiX1gWBVrexDGyqHUC0cO3xBpvZtVBoYQey7djC7/wPLW8wQRsQOf1Gciy7H9pb
#> #> > pbesA/wO0otaoSXtlGaKYLvqeM+mRM3Zgo63/HGQB9m1LXhp9LTx3fcmOOtQs5jL
#> #> > rCRhd/U6y/+Lwfnkpdf8e/LkcGuFC1oUq8ZBj7sgFnEuGHgbUnltNUYqhtl/3MJG
#> #> > 4ODcDOZ7ZUzhyksc1R7BEEdfe44FYqG0Wo6dmWseYkHwi9BXobRIUGF1bG8gUmlj
#> #> > YXJkbyBCcnVjayAoQ29udGF0byBHbG9iYWwgU29sdXRpb25zKSA8cGF1bG9yaWNA
#> #> > Y29udGF0by5jb20uYnI+iFkEExECABkFAj7RFWcECwcDAgMVAgMDFgIBAh4BAheA
#> #> > AAoJEE3++teFxLIijykAoIlN1fJ6j70CGhe8VA2VH78AwMCkAJ9UfPA+4kToRcx5
#> #> > uAkbqntF2Hwf6bkBDQQ+0RVuEAQAuGu7ES6wg5PIo+fpogRKrAs1pf41/tacsNos
#> #> > I/OP2o2CaNRclu0vprdydK0oMHQrvTf9ocUlECRRQkE2Gw3EAjj9fzvUH7X6zqeV
#> #> > 0Pwk1RskPbMyBmZ0cClMRSh0PWesXlv4PKcYz67NJbL926Dj/Mcd9/RyhUkM80Sw
#> #> > bJy/QZsAAwUEALf5pInf3Uh8Ujxy0gKG75CJupLesi+z4FBuJ9qYV6XMXCnVHGCA
#> #> > jEpQcPaTRNhlMNq8lr+nNEWC8nGVDKORwWLrPmVVhttjBu3oxMGiQKQaBtg0L7ec
#> #> > 0VGR8KzyKPyPM2c+qYPgVWhgQZOvhf+iLpeQffp3K99TPFb8kwcM5WaTiEYEGBEC
#> #> > AAYFAj7RFW4ACgkQTf7614XEsiLm0gCgk5JPQvHWbM8NI48J8oz2rNG/CH4AoMHE
#> #> > dizQXFZtxXJhCuXn09aI6Z1J
#> #> > =qt+T
#> #> > -----END PGP PUBLIC KEY BLOCK-----
#> #> >
#> #> >
#> #> > --
#> #> > To UNSUBSCRIBE, email to
#> debian-user-portuguese-request@lists.debian.org
#> #> > with a subject of "unsubscribe". Trouble? Contact
#> #> listmaster@lists.debian.org
#> #> >
#> #> >
#> #>
#> #>
#> #> --
#> #> To UNSUBSCRIBE, email to
#> debian-user-portuguese-request@lists.debian.org
#> #> with a subject of "unsubscribe". Trouble? Contact
#> listmaster@lists.debian.org
#>
#>
#> --
#>
#> Rogério Neves Batata (batata@pr.gov.br)
#> Companhia de Informática do Paraná - Celepar     Linux User #87955
#>
#>  /"\
#>  \ /  Campanha da fita ASCII - contra mail html
#>   X   ASCII ribbon campaign - against html mail
#>  / \
#>
#>
#> --
#> To UNSUBSCRIBE, email to
debian-user-portuguese-request@lists.debian.org
#> with a subject of "unsubscribe". Trouble? Contact
#> listmaster@lists.debian.org
#>
#>
#>
#> --
#> To UNSUBSCRIBE, email to
debian-user-portuguese-request@lists.debian.org
#> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org


--

Rogério Neves Batata (batata@pr.gov.br)
Companhia de Informática do Paraná - Celepar     Linux User #87955

 /"\
 \ /  Campanha da fita ASCII - contra mail html
  X   ASCII ribbon campaign - against html mail
 / \


--
To UNSUBSCRIBE, email to debian-user-portuguese-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org




Reply to: