
Re: iptables troubles



On Thu, 14 Oct 2004 13:11:30 +0200, Pim Bliek wrote:

> 
> Hi All,
> 
> I still have trouble, with FTP. A user is able to login, but cannot
> retrieve any data (also no 'ls' because of that). Here are the lines
> in my fw-script about FTP:
> 
> $IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 20 ! --syn -j ACCEPT
> $IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0/0 -d $NET --dport 20 -j ACCEPT
> 
> $IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 21 -j ACCEPT
> $IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0/0 -d $NET --dport 21 -j ACCEPT
> 
> What is wrong here?
> 
> Pim
> 
> On Wed, 13 Oct 2004 07:40:09 -0700 (PDT), Sergio Basurto
> <basurto@canada.com> wrote:
> 
> 
> >
> >
> > On Wed, 13 Oct 2004 16:35:46 +0200, Pim Bliek wrote:
> >
> > >
> > > That worked! Thanx a lot!
> > > I am not sure I understand how it works, but it works :)
> > >
> > > Pim
> > >
> > >
> > > On Wed, 13 Oct 2004 07:00:30 -0700 (PDT), Sergio Basurto
> > > <basurto@canada.com> wrote:
> > > > On Wed, 13 Oct 2004 15:37:35 +0200, Pim Bliek wrote:
> > > >
> > > > >
> > > > > Hi All,
> > > > >
> > > > > > I am trying to get a firewall running, but I am no
> > > > > > networking expert.
> > > > > > I use Debian Sid, and kernel 2.4.25-1-386 (yes I need
> > > > > > to upgrade ;)).
> > > > (...)
> > > > > Regards,
> > > > > Pim Bliek
> > > > >
> > > > You must add something like this, adapted to your script
> > > > variables.
> > > > iptables -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 80 -j ACCEPT
> > > >
> > > > In the line above you specify to allow connections to
> > > > your host on port 80.
> > > >
> > > > Also you can get excellent documentation in the
> > > > following link:
> > > > www.netfilter.org
> > > >
> > > > Just adapt this to your script.
> > > >
> > > > I hope this helps.
> > > >
> > > > I recommend that you separate your rules in the
> > > > following order in your script
> > > >
> > > > INPUT
> > > > OUTPUT
> > > > FORWARD
> > > > PREROUTING
> > > > POSTROUTING
> > > >
> > > > in order to make it more readable.
> > > >
> > > > Regards.
Hello,
you must enable the modules ip_conntrack_ftp
and ip_nat_ftp.

I hope this helps.

Please do not post reply. I mean always include your
reply at the end of the message, ok.

Regards.

--
Sergio Basurto J.

If I have seen further it is by standing on the 
shoulders of giants. (Isaac Newton)
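
Added example, not part of the original message: a sketch of FTP server rules that rely on the conntrack helper named in the reply above, so the data connection is accepted as RELATED and only port 21 takes NEW connections. The module names come from the message; the `run` and `helper_loaded` functions, the `DRY_RUN` switch, `eth0` and `192.0.2.10` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Interface and address are constructed
# placeholders; DRY_RUN=1 (the default) prints the commands instead of running them.
IPT=${IPT:-iptables}
EXTIF=${EXTIF:-eth0}          # assumed external interface
EXTIP=${EXTIP:-192.0.2.10}    # assumed server address (documentation range)
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# True if module $1 is listed in $2 (default /proc/modules).
# A helper compiled into the kernel is not listed there.
helper_loaded() {
    grep -q "^$1[[:space:]]" "${2:-/proc/modules}"
}

ftp_server_rules() {
    # Module names as given in the reply (kernel 2.4 naming).
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp       # only matters when the FTP traffic is NATed

    # Established traffic plus whatever the helper marked RELATED, which is
    # the data connection negotiated on the control channel.
    run $IPT -A INPUT  -i "$EXTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run $IPT -A OUTPUT -o "$EXTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # NEW connections are accepted on the control port only.
    run $IPT -A INPUT -i "$EXTIF" -p tcp -d "$EXTIP" --dport 21 \
        -m state --state NEW -j ACCEPT
}

ftp_server_rules
if [ "$DRY_RUN" != 1 ] && ! helper_loaded ip_conntrack_ftp; then
    echo "ip_conntrack_ftp is not listed in /proc/modules" >&2
fi
```

Run it once with the default `DRY_RUN=1` to review the generated commands, then with `DRY_RUN=0` as root to apply them.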