
iptables, my ftp rules are not working




Hello everyone,

I have a firewall configured with iptables and I have the following rules in it (the default policy is DROP):


iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 20 -j ACCEPT
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 20 -j ACCEPT
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 21 -j ACCEPT

iptables -A INPUT -p tcp -i eth1 -m state --state NEW,ESTABLISHED,RELATED --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 -m state --state NEW,ESTABLISHED,RELATED --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 -m state --state NEW,ESTABLISHED,RELATED --sport 20 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 -m state --state NEW,ESTABLISHED,RELATED --sport 21 -j ACCEPT

eth1 is the card that connects to a router which has ports 20 and 21 forwarded to the machine where I have the firewall.  Well, I can't get ftp to work.  From gftp I manage to connect to a server, but it is not able to list its contents.

Does anyone see an error? I am sending you the output of the iptables -L command.

Many thanks in advance.


Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       udp  --  anywhere             anywhere            udp dpts:1:65535 
ACCEPT     all  --  localhost.localdomain  anywhere            
ACCEPT     all  --  anywhere             localhost.localdomain 
ACCEPT     all  --  localnet/24          anywhere            
ACCEPT     all  --  anywhere             localnet/24         
DROP       all  --  localhost.localdomain  anywhere            
ACCEPT     all  --  localnet/24          anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:ftp-data 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:ftp-data 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:ftp 
DROP       all  --  localhost.localdomain  anywhere            
DROP       all  --  anywhere             localhost.localdomain 
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:www 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:https 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:snpp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:snpp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:domain 
ACCEPT     udp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED udp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED udp spt:domain 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:ftp-data 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:ftp-data 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED tcp spt:ftp 
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     all  --  localnet/24          anywhere            
ACCEPT     tcp  --  anywhere             192.168.1.237       tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             192.168.1.237       tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             192.168.1.237       tcp dpt:imap2 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
DROP       all  -- !localnet/24          anywhere            
DROP       all  --  localhost.localdomain  anywhere            
DROP       all  --  anywhere             localhost.localdomain 
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
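
An added example, not part of the original message: a Python model of the TCP part of the FORWARD listing above, run against a constructed passive-mode FTP session to show which packet the port 20/21 rules leave unmatched when a directory listing is requested. It assumes gftp runs on a LAN client in passive mode and that `localnet/24` is 192.168.1.0/24; it ignores the state match, because NEW,ESTABLISHED,RELATED covers every valid connection state and those rules therefore match on port alone. Addresses and ports in the session are constructed.

```python
import ipaddress
import re

# Assumption: "localnet/24" in the listing is 192.168.1.0/24 (the page only shows 192.168.1.237).
LOCALNET = ipaddress.ip_network("192.168.1.0/24")
# TCP services the FORWARD chain accepts as dpt and spt: www https snpp smtp pop3 domain ssh ftp-data ftp
SERVICE_PORTS = [80, 443, 444, 25, 110, 53, 22, 20, 21]

def forward_chain():
    """TCP subset of the posted FORWARD chain, in listing order (first match wins)."""
    rules = []
    for port in SERVICE_PORTS:
        rules.append(("ACCEPT", {"dport": port}))
        rules.append(("ACCEPT", {"sport": port}))
    rules.append(("ACCEPT", {"src_net": LOCALNET}))
    rules.append(("DROP", {}))  # final "DROP all" rule
    return rules

def verdict(src, sport, dport, rules=None):
    """Return the target of the first rule matching a TCP packet."""
    for target, match in rules or forward_chain():
        if "dport" in match and match["dport"] != dport:
            continue
        if "sport" in match and match["sport"] != sport:
            continue
        if "src_net" in match and ipaddress.ip_address(src) not in match["src_net"]:
            continue
        return target
    return "DROP"  # chain policy

def parse_pasv(reply):
    """Extract (ip, port) from a 227 reply: (h1,h2,h3,h4,p1,p2), port = p1*256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a PASV reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def trace_passive_listing():
    """Constructed session: LAN client 192.168.1.50, server 203.0.113.10 (documentation address)."""
    client, server = "192.168.1.50", "203.0.113.10"
    _, data_port = parse_pasv("227 Entering Passive Mode (203,0,113,10,195,80)")
    return [
        ("control client->server", verdict(client, 40000, 21)),
        ("control server->client", verdict(server, 21, 40000)),
        ("data    client->server", verdict(client, 40001, data_port)),
        ("data    server->client", verdict(server, data_port, 40001)),
    ]

if __name__ == "__main__":
    for step, result in trace_passive_listing():
        print(f"{step}: {result}")
```

In this model the control connection passes in both directions, while the server's reply on the negotiated data port matches no port rule and comes from outside the local network, so it reaches the final DROP.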
