Skåne Sjælland Linux User Group - http://www.sslug.dk
 

iptables and ftp



I have a strange problem:

On my firewall machine:

eth1: external net
eth0: internal net

I cannot run ftp out of the house:

$  ftp klid.dk
Connected to klid.dk (217.116.227.117).
220 ProFTPD 1.3.0rc1 Server (ProFTPD Default Installation) [217.116.227.117]
Name (klid.dk:mk): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
...
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (217,116,227,117,194,140).
ftp: connect: Invalid argument

I can run passive ftp out of the house just fine
from the machines on eth0.

The firewall has the following setup:

#!/bin/sh
# based on Henrik Stoerner, sslug@sslug
#

# FTP connection-tracking and NAT helpers: they read PORT/PASV on the control
# connection so the data connection is classified RELATED (and rewritten under NAT)
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
echo "1" >/proc/sys/net/ipv4/tcp_syncookies
echo "1" >/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

for f in /proc/sys/net/ipv4/conf/*; do
   echo "0" >$f/accept_source_route
   # reverse-path filtering; kernels before 2.6.31 treat any non-zero value as
   # strict mode, from 2.6.31 on "2" is loose mode
   echo "2" >$f/rp_filter
done


######################
# Setup IP firewalling
######################

# Default policies
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F OUTPUT
# Recreate the chain (flush/delete fail harmlessly on the first run, when it does not exist yet)
/sbin/iptables -F RH-Firewall-1-INPUT 2>/dev/null
/sbin/iptables -X RH-Firewall-1-INPUT 2>/dev/null
/sbin/iptables -N RH-Firewall-1-INPUT


# Locally delivered and forwarded traffic go through the same chain
/sbin/iptables -A INPUT -j RH-Firewall-1-INPUT
/sbin/iptables -A FORWARD -j RH-Firewall-1-INPUT
# Replies to tracked connections, including RELATED FTP data connections set up by the helper
/sbin/iptables -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anything from loopback or from the internal net
/sbin/iptables -A RH-Firewall-1-INPUT -i lo -j ACCEPT
/sbin/iptables -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
/sbin/iptables -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# New connections from outside to the services we offer
/sbin/iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# Everything else: log it, then reject it
/sbin/iptables -A RH-Firewall-1-INPUT -j LOG
/sbin/iptables -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-port-unreachable


# Setup NAT for outgoing connections from the local network

/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

echo "1" >/proc/sys/net/ipv4/ip_forward


- what have I forgotten?


Mogens
--
Mogens Kjær, Data archaeologist
Email: sslug@sslug
Homepage: http://www.datamuseum.dk
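The ruleset in the post relies on the ip_conntrack_ftp helper to turn the address and port announced in a "227 Entering Passive Mode" reply (or a PORT command) into a conntrack expectation, so that the data connection is classified RELATED and accepted by the ESTABLISHED,RELATED rule. As an added example (not code from the post or from the kernel), here is a userspace Python model of that decision and of the RH-Firewall-1-INPUT chain as posted. The 227 line is the one from the session above; the firewall address 10.0.0.1, the PORT command and the bounce reply are constructed for illustration, and the helper is simplified to its decision logic. It runs both FTP modes through the chain to show which data connection needs the helper (active mode, where the server's SYN arrives on eth1) and which does not.

```python
"""Added example, not code from the original post: a userspace model of the
ip_conntrack_ftp expectation logic and of the posted RH-Firewall-1-INPUT chain.
The firewall address 10.0.0.1, the PORT command and the bounce reply are
constructed; the real kernel helper is considerably more thorough."""
import re
from dataclasses import dataclass, field

# h1,h2,h3,h4,p1,p2 as used by both "227 Entering Passive Mode (...)" and "PORT ..."
HOSTPORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line: str) -> tuple[str, int]:
    """Decode the RFC 959 h1,h2,h3,h4,p1,p2 tuple into ("h1.h2.h3.h4", p1*256+p2)."""
    m = HOSTPORT_RE.search(line)
    if not m:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 tuple in {line!r}")
    f = [int(x) for x in m.groups()]
    if max(f) > 255:
        raise ValueError(f"octet out of range in {line!r}")
    return ".".join(map(str, f[:4])), f[4] * 256 + f[5]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    iface: str          # interface the packet arrives on
    proto: str = "tcp"


@dataclass
class FtpHelper:
    """Simplified ip_conntrack_ftp: watches the lines on an FTP control connection."""
    # (src, dst, dport) of the expected data connection -> which command announced it
    expectations: dict = field(default_factory=dict)

    def control_line(self, client: str, server: str, line: str, from_server: bool) -> bool:
        """Feed one control-connection line. Returns True if an expectation was created."""
        if from_server and line.startswith("227"):
            host, port = parse_hostport(line)
            announcer, connector = server, client      # PASV: client connects to server
        elif not from_server and line.upper().startswith("PORT "):
            host, port = parse_hostport(line)
            announcer, connector = client, server      # PORT: server connects to client
        else:
            return False
        # Non-"loose" behaviour: the announced address must belong to the announcing
        # peer, otherwise no expectation is created (no FTP bounce through the firewall)
        if host != announcer:
            return False
        self.expectations[(connector, announcer, port)] = "PASV" if from_server else "PORT"
        return True

    def state(self, pkt: Packet) -> str:
        """conntrack state of a fresh SYN: RELATED if an expectation matches, else NEW."""
        if self.expectations.pop((pkt.src, pkt.dst, pkt.dport), None):
            return "RELATED"            # an expectation is consumed once
        return "NEW"


def rh_firewall_1_input(pkt: Packet, state: str) -> str:
    """Walk the RH-Firewall-1-INPUT chain from the post, top to bottom."""
    if state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    if pkt.iface in ("lo", "eth0"):
        return "ACCEPT"
    if pkt.proto == "icmp":
        return "ACCEPT"
    if state == "NEW" and pkt.proto == "tcp" and pkt.dport in (22, 25, 80, 443):
        return "ACCEPT"
    return "LOG+REJECT"   # -j LOG, then -j REJECT --reject-with icmp-port-unreachable


def verdict(helper: FtpHelper, pkt: Packet) -> str:
    return rh_firewall_1_input(pkt, helper.state(pkt))


def demo() -> dict:
    """Scenarios around the session in the post; firewall = 10.0.0.1 on eth1 (assumed)."""
    fw, server = "10.0.0.1", "217.116.227.117"
    pasv = "227 Entering Passive Mode (217,116,227,117,194,140)."   # from the post
    h = FtpHelper()
    h.control_line(fw, server, pasv, from_server=True)
    out = {"pasv_port": parse_hostport(pasv)[1]}                      # 194*256+140
    # Passive mode: the firewall itself opens the data connection (OUTPUT, policy ACCEPT);
    # the helper only has to expect it
    out["pasv_expected"] = (fw, server, 49804) in h.expectations
    # Active mode (constructed): the firewall sends PORT, the server connects back and
    # that SYN arrives on eth1, where only a RELATED classification gets it accepted
    h.control_line(fw, server, "PORT 10,0,0,1,200,5", from_server=False)
    data_syn = Packet(src=server, dst=fw, dport=200 * 256 + 5, iface="eth1")
    out["active_with_helper"] = verdict(h, data_syn)                  # RELATED -> ACCEPT
    out["active_without_helper"] = verdict(FtpHelper(), data_syn)     # NEW -> LOG+REJECT
    # Bounce attempt (constructed): the server announces someone else's address
    out["bounce_ignored"] = not FtpHelper().control_line(
        fw, server, "227 Entering Passive Mode (10,0,0,2,194,140).", from_server=True)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With the posted chain, outbound passive FTP from a LAN host never depends on the helper at all: the client's SYN leaves via eth0 (accepted by the -i eth0 rule) and the SYN-ACK returns as ESTABLISHED. The helper only decides the fate of a data connection that arrives on eth1 as a fresh SYN, which is the active-mode case the model shows.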


 
Last modified 2005-08-10, 22:43 CEST