Hi All,
I still have trouble with FTP. A user is able to log in, but cannot
retrieve any data (also no 'ls' because of that). Here are the lines
in my fw-script about FTP:
$IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 20 ! --syn -j ACCEPT
$IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0/0 -d $NET --dport 20 -j ACCEPT
$IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 21 -j ACCEPT
$IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0/0 -d $NET --dport 21 -j ACCEPT
What is wrong here?
Pim
On Wed, 13 Oct 2004 07:40:09 -0700 (PDT), Sergio Basurto <basurto@canada.com> wrote:
On Wed, 13 Oct 2004 16:35:46 +0200, Pim Bliek wrote:
That worked! Thanks a lot!
I am not sure I understand how it works, but it works :)
Pim
On Wed, 13 Oct 2004 07:00:30 -0700 (PDT), Sergio Basurto <basurto@canada.com> wrote:
On Wed, 13 Oct 2004 15:37:35 +0200, Pim Bliek wrote:
Hi All,
I am trying to get a firewall running, but I am no networking expert.
I use Debian Sid, and kernel 2.4.25-1-386 (yes I need to upgrade ;)).
(...)
Regards,
Pim Bliek
You must add something like this; adapt it to your script variables.
iptables -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 80 -j ACCEPT
In the line above you specify that connections to your host on port 80 are allowed.
Also you can get excellent documentation at the following link:
www.netfilter.org
Just adapt this to your script.
I hope this helps.
I recommend that you separate your rules in the following order in your script:
INPUT
OUTPUT
FORWARD
PREROUTING
POSTROUTING
in order to make it more readable.
Regards.
--
Sergio Basurto J.
If I have seen further it is by standing on the shoulders of giants. (Isaac Newton)
--
--
Ing. Sergio Basurto Juárez
Tel: 04455-85322945
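
Added example (not part of the original thread, and not either poster's script): the FTP data channel never arrives as a new inbound connection to port 20. In passive mode the client connects to a high port chosen by the server, and in active mode the server connects out from port 20, so the rules need the conntrack FTP helper and the RELATED state. EXTIF, MODPROBE and HELPER_MOD are assumed names, and with the defaults below the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread: stateful rules for an FTP server.
# Assumptions: EXTIF, MODPROBE and HELPER_MOD are names chosen here; with the
# defaults below the script only prints the commands (dry run).
IPT="${IPT:-echo iptables}"            # set IPT=/sbin/iptables (as root) to apply
MODPROBE="${MODPROBE:-echo modprobe}"  # set MODPROBE=/sbin/modprobe to load for real
EXTIF="${EXTIF:-eth0}"                 # assumed external interface
HELPER_MOD="${HELPER_MOD:-ip_conntrack_ftp}"  # 2.4-era name; nf_conntrack_ftp on later kernels

ftp_server_rules() {
    # The helper parses PORT/PASV on the control channel and registers the
    # announced data connection as an expectation, so it matches RELATED.
    $MODPROBE "$HELPER_MOD"

    # Control channel: clients open and keep connections to port 21.
    $IPT -A INPUT -i "$EXTIF" -p tcp --dport 21 \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # Passive-mode data: the client connects to a high port the server chose.
    # No NEW here: only connections the helper expected are let in.
    $IPT -A INPUT -i "$EXTIF" -p tcp --dport 1024:65535 \
        -m state --state RELATED,ESTABLISHED -j ACCEPT

    # Active-mode data: the server connects out from port 20, so inbound
    # traffic to port 20 is only ever part of an established connection.
    $IPT -A INPUT -i "$EXTIF" -p tcp --dport 20 \
        -m state --state ESTABLISHED -j ACCEPT

    # Replies on all of the above, plus the server's outbound active-mode
    # connection (RELATED), needed when the OUTPUT policy is DROP.
    $IPT -A OUTPUT -o "$EXTIF" -p tcp \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

ftp_server_rules
```

On current kernels the helper is no longer attached to connections automatically; it has to be assigned explicitly, for example with a raw-table rule using -j CT --helper ftp.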