Security Basics mailing list archives

WuFTP server with Iptables.


From: "Jari IT" <jari_info () yahoo uk co>
Date: Sat, 25 Sep 2004 14:55:18 +1000


Hi all,

I am setting up an FTP server with an iptables firewall.
Here are the rules, which I got from www.openna.com.


    # incoming request
    iptables -A INPUT  -i $EXTERNAL_INTERFACE -p tcp  \
             --source-port $UNPRIVPORTS \
             -d $IPADDR --destination-port 21 -j ACCEPT

    iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn \
             -s $IPADDR --source-port 21 \
             --destination-port $UNPRIVPORTS -j ACCEPT


    # PORT MODE data channel responses
    iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp  \
             -s $IPADDR --source-port 20 \
             --destination-port $UNPRIVPORTS -j ACCEPT

    iptables -A INPUT  -i $EXTERNAL_INTERFACE -p tcp ! --syn \
             --source-port $UNPRIVPORTS \
             -d $IPADDR --destination-port 20 -j ACCEPT


    # PASSIVE MODE data channel responses
    iptables -A INPUT  -i $EXTERNAL_INTERFACE -p tcp  \
             --source-port $UNPRIVPORTS \
             -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT

    iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn \
             -s $IPADDR --source-port $UNPRIVPORTS \
             --destination-port $UNPRIVPORTS -j ACCEPT

However, I still cannot connect from my house (behind an ADSL router/modem) to
that site.
When I stop this firewall, the FTP server works well.

Please advise me about this.
Thanks in advance,
Jari
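
The six rules as posted, modelled as a first-match table so they can be checked against constructed TCP packets. This is an added example, not part of the original message or of the openna.com script. It assumes $UNPRIVPORTS is 1024:65535, uses 192.0.2.10 as a placeholder for $IPADDR, treats every packet as crossing $EXTERNAL_INTERFACE, and returns None where no posted rule matches, because the chain policies are not shown.

```python
from collections import namedtuple

UNPRIV = range(1024, 65536)  # assumed value of $UNPRIVPORTS (not given in the post)
IPADDR = "192.0.2.10"        # placeholder for $IPADDR (documentation address)
CLIENT = "198.51.100.7"      # constructed remote client address

# syn=True means a bare SYN, the segment iptables' --syn option matches.
Packet = namedtuple("Packet", "chain src sport dst dport syn")

# (label, chain, server-side ports, remote-side ports, rule carries "! --syn")
RULES = [
    ("control in",  "INPUT",  (21,),  UNPRIV, False),
    ("control out", "OUTPUT", (21,),  UNPRIV, True),
    ("port out",    "OUTPUT", (20,),  UNPRIV, False),
    ("port in",     "INPUT",  (20,),  UNPRIV, True),
    ("passive in",  "INPUT",  UNPRIV, UNPRIV, False),
    ("passive out", "OUTPUT", UNPRIV, UNPRIV, True),
]

def match(pkt):
    """Return the label of the first posted rule that ACCEPTs pkt, else None."""
    for label, chain, server_ports, remote_ports, not_syn in RULES:
        if pkt.chain != chain:
            continue
        if chain == "INPUT":   # server is the destination
            ip, sp, rp = pkt.dst, pkt.dport, pkt.sport
        else:                  # OUTPUT: server is the source
            ip, sp, rp = pkt.src, pkt.sport, pkt.dport
        if ip != IPADDR or sp not in server_ports or rp not in remote_ports:
            continue
        if not_syn and pkt.syn:  # "! --syn" excludes connection-opening SYNs
            continue
        return label
    return None

SAMPLES = {  # constructed packets
    "client opens control channel": Packet("INPUT", CLIENT, 40000, IPADDR, 21, True),
    "client opens passive data port": Packet("INPUT", CLIENT, 40001, IPADDR, 50000, True),
    "SYN to non-FTP port 8080": Packet("INPUT", CLIENT, 40002, IPADDR, 8080, True),
    "SYN to port 22": Packet("INPUT", CLIENT, 40003, IPADDR, 22, True),
    "server opens active data channel": Packet("OUTPUT", IPADDR, 20, CLIENT, 40004, True),
    "server SYN from a high port": Packet("OUTPUT", IPADDR, 50001, CLIENT, 40005, True),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:34} -> {match(pkt)}")
```

The constructed SYN to port 8080 is accepted by the passive-mode INPUT rule, which is stateless and matches any unprivileged destination port whether or not an FTP session negotiated it.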



