Re: RES: RES: IPtables settings to access a backup FTP

[Richard <netfilter@ghz.fr>]

thanks but I don't understant about the eth1, my network only runs on 
eth0 ... could you explain what the whole line does?

Thanks !

Patrik a écrit :
> --syn is a Synonym for --tcp-flags SYN, RST and ACK
> 
> 
> 
>   Chorus Informatica 
> Patrik Souza - Diretor 
>   Fone: 11 5621-6177
> Mobile: 11 8154-0794
>  
> A informação contida nesta mensagem é confidencial. É destinada somente para
> uso do(s) indivíduo(s) e/ou entidade(s) para os quais foi endereçada. Se
> você não é o destinatário pretendido, fica desde já notificado de que
> qualquer revelação, cópia, disseminação ou uso desta mensagem ou das
> informações nela contidas é estritamente proibido. Se você recebeu esta
> mensagem erroneamente, por favor, notifique-nos por correio eletrônico e
> apague-a do seu sistema. / The information contained in this message is
> confidential. It is intended solely for the use of the individual(s) and/or
> entity (ies) addressed above. If you are not the intended recipient, you are
> hereby notified that any disclosure, copying, dissemination or using this
> message or the information contained herein is strictly prohibited. If you
> have received this message in error, please notify us by electronic mail and
> please delete the message from your system.
>  
> 
> -----Mensagem original-----
> De: netfilter-bounces@lists.netfilter.org
> [mailto:netfilter-bounces@lists.netfilter.org] Em nome de Richard
> Enviada em: sábado, 18 de agosto de 2007 16:27
> Para: patrik@chorus.com.br; netfilter@lists.netfilter.org
> Assunto: Re: RES: IPtables settings to access a backup FTP
> 
> Hi thanks, could you explain what this line does ?
> 
> This is what I understand :
> 
> Foward incomming form eth0 to Output eth1 with tcp port 21 but I dont 
> understant the --syn or exactly what this whole line does ...
> 
> Patrik a écrit :
>> Richard, try to use 
>>
>> # iptables -A FORWARD  -i eth0 -o eth1 -p tcp --syn --dport 21 -j ACCEPT 
>>
>> I think that´s solve
>>
>>
>>   Chorus Informatica 
>> Patrik Souza - Diretor 
>>   Fone: 11 5621-6177
>> Mobile: 11 8154-0794
>>  
>> A informação contida nesta mensagem é confidencial. É destinada somente
> para
>> uso do(s) indivíduo(s) e/ou entidade(s) para os quais foi endereçada. Se
>> você não é o destinatário pretendido, fica desde já notificado de que
>> qualquer revelação, cópia, disseminação ou uso desta mensagem ou das
>> informações nela contidas é estritamente proibido. Se você recebeu esta
>> mensagem erroneamente, por favor, notifique-nos por correio eletrônico e
>> apague-a do seu sistema. / The information contained in this message is
>> confidential. It is intended solely for the use of the individual(s)
> and/or
>> entity (ies) addressed above. If you are not the intended recipient, you
> are
>> hereby notified that any disclosure, copying, dissemination or using this
>> message or the information contained herein is strictly prohibited. If you
>> have received this message in error, please notify us by electronic mail
> and
>> please delete the message from your system.
>>  
>> -----Mensagem original-----
>> De: netfilter-bounces@lists.netfilter.org
>> [mailto:netfilter-bounces@lists.netfilter.org] Em nome de Richard
>> Enviada em: sábado, 18 de agosto de 2007 16:09
>> Para: netfilter@lists.netfilter.org
>> Assunto: IPtables settings to access a backup FTP
>>
>> Hello, this is my first message so I hope I'm doing this right ! :)
>>
>> I've got iptables setup and running well on my server and up to now I've 
>> not had any problems, however I have just installed a backup system 
>> which needs to connect by FTP to a distant server.
>>
>> With my firewall disactivated all works fine, however with the firewall 
>> activated when I use the "ls" command of the debian ftp command line 
>> package (CWD) I get:
>>
>> 200 ok then a long wait then :
>> 421 Service not available, remote server has closed connection.
>>
>> I've tried this on two different FTP's and it only works if the firewall 
>> is disactivated.
>>
>> One server is a plesk server but the server I need to connect to I do 
>> not know much about, with filezilla on my pc I've managed to connect to 
>> it with both FTP active and FTP passive so I guess it can do both.
>>
>> On my server I just do :
>>
>> ftp ftp.server.com
>> username
>> password
>>
>> So I'm not sure if it connects as passive or active.
>>
>> These are the ports that I have got open :
>>
>> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>> -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>> -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
>>
>> -A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT
>> -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
>>
>> Which ports do you suggest I should open to connect to this FTP server ?
>>
>> Thanks in advance,
>>
>> Richard
>>
>>
>>
> 
>