From: Chris Etzel <cetzel@iamada.org>
To: netfilter@lists.netfilter.org
Subject: passive ftp clarification
Date: Tue, 20 Apr 2004 14:36:23 -0700
Message-ID: <1082496982.4674.6.camel@linux.local>

This might be a duplicate post - I sent the first from the wrong email
account.

Anyway, 

I have this script below:

#!/bin/bash


#-------------------------------
# updated RC.FIREWALL script 
# with supposed FTP support? HELP!
#-------------------------------


# enable ip_forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# added for Passive FTP Compatibility
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp


# Flush tables

iptables -F
iptables -t nat -F


# Set Default policies

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT


iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

BLOCKT="1:1024 5900 5900 2301 2381 3372 5000 1433 1801 2103:2105 3146"
BLOCKU="1:1024 2301 2381 3372 1900 1434 3145 3527"

iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 20:22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 308 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 90 -j ACCEPT


# BLOCK BAD TCP
for BT in $BLOCKT; do
        iptables -A INPUT -i eth0 -p tcp --dport $BT -j DROP;
done

# BLOCK BAD UDP (this loop must match -p udp, not -p tcp)
for BU in $BLOCKU; do
        iptables -A INPUT -i eth0 -p udp --dport $BU -j DROP;
done

# END OF SCRIPT

It's pretty basic, and I know it's not really too secure, but I am trying
to narrow down this passive FTP problem.

I can log in to passive FTP servers, but it hangs at 'ls'.

Is there something else in my script that I need to add to get ftp-data
to respond correctly?


Thanks in advance,

Chris
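The ftp conntrack helper loaded above (ip_conntrack_ftp) works by reading the FTP control channel and registering an "expectation" for the data connection it announces, so that the data connection can later be matched as RELATED instead of looking like an unrelated new flow. The following is an added Python example, not part of the original post, that performs that same extraction for PASV (227), EPSV (229) and PORT lines; the control-channel lines, the client/server addresses and the function names are constructed for illustration.

```python
import re
from ipaddress import IPv4Address

# Constructed control-channel lines, as a conntrack helper would see them
# while inspecting an established TCP/21 session (not real traffic).
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
SAMPLE_EPSV_REPLY = "229 Entering Extended Passive Mode (|||50001|)\r\n"
SAMPLE_PORT_CMD = "PORT 10,0,0,5,19,137\r\n"
SAMPLE_OTHER = "230 Login successful.\r\n"

_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")
_EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")
_PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def _decode_hostport(fields):
    """Turn 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1*256 + p2)."""
    nums = [int(x) for x in fields.split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % fields)
    host = str(IPv4Address(bytes(nums[:4])))
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("data port 0 is not usable")
    return host, port


def expected_data_connection(line, client_ip, server_ip):
    """Return (src_ip, dst_ip, dst_port) of the data connection announced
    by one control-channel line, or None if the line announces nothing.
    This tuple is what the helper registers so a later SYN matching it
    is classified RELATED rather than NEW."""
    m = _PASV_RE.match(line)
    if m:
        # Passive: the client will connect to the address the server
        # advertised (ip_nat_ftp is what rewrites it when NAT is in play).
        host, port = _decode_hostport(m.group(1))
        return (client_ip, host, port)
    m = _EPSV_RE.match(line)
    if m:
        # Extended passive: only a port is given, the address is implied.
        return (client_ip, server_ip, int(m.group(1)))
    m = _PORT_RE.match(line)
    if m:
        # Active: the server will connect back to the client's address.
        host, port = _decode_hostport(m.group(1))
        return (server_ip, host, port)
    return None
```

If a ruleset blocks NEW connections on the ports the helper extracts here, the session shows exactly the symptom described above: login succeeds on the control channel and the first directory listing hangs waiting for the data connection.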


