From: "Christian Gmeiner"
Subject: Problem with passive FTP
Date: Wed, 25 Feb 2004 22:00:22 +0100
Message-ID: <001501c3fbe2$6306b330$0600a8c0@blackbox>
To: netfilter@lists.netfilter.org

Hi people.

I got active FTP working, but I also need the passive one.

Here is my stuff:

    # Port 21
    iptables -A INPUT  -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT

    # active - works
    iptables -A INPUT  -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT

    # passive
    iptables -A INPUT  -p tcp --sport ${UNPRIVPORTS} --dport ${UNPRIVPORTS} -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport ${UNPRIVPORTS} --dport ${UNPRIVPORTS} -m state --state ESTABLISHED,RELATED -j ACCEPT

I have everything set to drop and I am allowing these protocols and ports:

    # TCP in+out
    TCP_IN_OUT="ssh"

    # TCP out
    # 5190 = ICQ
    TCP_OUT="5190 http https 25 ftp ftp-data pop3 smtp"

    # TCP in
    TCP_IN=""

    # UDP in+out
    UDP_IN_OUT="domain ssh"

    # UDP out
    UDP_OUT="https"

    # UDP in
    UDP_IN=""

    UNPRIVPORTS="1024:65535"

So.. I must now allow the UNPRIVPORTS, but how do I do this?

Thanks,
Christian Gmeiner