Re: iptables troubles

To: debian-user <debian-user@lists.debian.org>
Subject: Re: iptables troubles
From: Riccardo Tortorici <riccardo.tortorici@email.it>
Date: Thu, 14 Oct 2004 15:07:38 +0200
Message-id: <[🔎] 416E7A1A.7010907@email.it>
In-reply-to: <[🔎] fc1af19c041014041153d1c8cf@mail.gmail.com>
References: <[🔎] 20041013074011.19536.h004.c009.wm@mail.canada.com.criticalpath.net> <fc1af19c04101404067e95160d@mail.gmail.com> <[🔎] fc1af19c041014041153d1c8cf@mail.gmail.com>

Did you "modprobed" the nat FTP Module?
modprobe ip_nat_ftp

Did you allow also the ftp-data port?
From /etc/services:

ftp-data        20/tcp
ftp             21/tcp

bye

Pim Bliek wrote:

Hi All,

I still have trouble, with FTP. A user is able to login, but cannot
retrieve any data (also no 'ls' because of that). Here are the lines
in my fw-script about FTP:

$IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 20  !
--syn -j ACCEPT
$IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp
-s 0/0 -d $NET --dport 20 -j ACCEPT

$IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 21 -j ACCEPT
$IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp
-s 0/0 -d $NET --dport 21 -j ACCEPT

What is wrong here?

Pim

On Wed, 13 Oct 2004 07:40:09 -0700 (PDT), Sergio Basurto
<basurto@canada.com> wrote:


On Wed, 13 Oct 2004 16:35:46 +0200, Pim Bliek wrote:

That worked! Thanx a lot!
I am not sure I understand how it works, but it works

:)

Pim


On Wed, 13 Oct 2004 07:00:30 -0700 (PDT), Sergio


Basurto

<basurto@canada.com> wrote:

On Wed, 13 Oct 2004 15:37:35 +0200, Pim Bliek wrote:

Hi All,

I am trying to get a firewall running, but I am no
networking expert.
I use Debian Sid, and kernel 2.4.25-1-386 (yes I


need

to upgrade ;)).


(...)

Regards,
Pim Bliek


you must add something like this, addapt to your


script

variables.
iptables -A INPUT -i $EXTIF -m state --state
NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d


$EXTIP

--dport 80 -j ACCEPT

In the line above you specify that allow connections

to

your host in port 80.

Also you can get excellent documentation in the
following link:
www.netfilter.org

just addapt this to your script.

I hope this help.

I recommend you that separate your rules in the
following order in your script

INPUT
OUTPUT
FORWARD
PREROUTING
POSTROUTING

in order to get it more readable.

Regards.

--
Sergio Basurto J.

If I have seen further it is by standing on the
shoulders of giants. (Isaac Newton)
--
--



Ing. Sergio Basurto Juárez
Tel: 04455-85322945


--
- Riccardo Tortorici -
Linux Registered User #365170
Count yourself @ http://counter.li.org/ !
Proudly Running Debian GNU/Linux "Sid" - Linux Kernel 2.6.8.1
--

HTML email can be dangerous, is not always readable, wastes bandwidthand is simply not necessary please don't send them to me!

If you don't know what I'm talking about please read this:

http://www.georgedillon.com/web/netiquette.shtml



--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f

Sponsor:
Telefonare all'estero risparmiando fino all'80%? Con Email.it Phone Card puoi, clicca e scopri tutti i vantaggi
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2683&d=14-10

Reply to:

Follow-Ups:
- Re: iptables troubles
  - From: Pim Bliek <pim.bliek@gmail.com>

References:
- Re:[SOLVED] iptables troubles
  - From: "Sergio Basurto" <basurto@canada.com>
- iptables troubles
  - From: Pim Bliek <pim.bliek@gmail.com>

Prev by Date: Re: Weirdness with realtek 8169
Next by Date: Re: the sarge installer is not the same
Previous by thread: iptables troubles
Next by thread: Re: iptables troubles
Index(es):
- Date
- Thread