* ftp rules
@ 2005-08-16 11:00 varun_saa
0 siblings, 0 replies; 3+ messages in thread
From: varun_saa @ 2005-08-16 11:00 UTC (permalink / raw)
To: netfilter
Hello,
My server is on FC4
eth0 is wan with static IP connected to 512K DSL
eth1 is lan - 192.168.0.0/24
WAN -----> eth0 - FC4 server - eth1 -----------> clients ( 192.168.0.0/24 )
FC4 server is only for sharing internet, mails, etc. for client systems.
I do not run any ftp server on my FC4 server.
I have loaded ip_contrack_ftp modules.
Clients connected to FC4 server on eth1 should be able to connect
to ftp sites.
Is the following rule enough ?
-A FORWARD -i eth1 -o eth0 -p tcp --dport 21 -j ACCEPT
Thanks
Varun
* FTP rules
@ 2005-01-31 16:40 hamals
2005-01-31 16:41 ` Jason Opperisano
0 siblings, 1 reply; 3+ messages in thread
From: hamals @ 2005-01-31 16:40 UTC (permalink / raw)
To: netfilter
my PCs behind my firewall didn't get ftp connection to
any external ftp server. Why?
/sbin/modprobe ip_contrack
/sbin/modprobe ip_contrack_ftp
# LAN -> INTERNET
iptables -A FORWARD -i $LAN -o $INET -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -i $LAN -o $INET -p tcp --dport 20 -j ACCEPT
# INTERNET ->LAN
iptables - A FORWARD -i $INET -o $LAN -p tcp -m state --state ESTABLISHED, RELATED -j ACCEPT
# NAT
iptables -t nat -A POSTROUTING -s $IPs_LAN -o $INET -j SNAT --to-source $INET_IP
Thanks for help
* Re: FTP rules
2005-01-31 16:40 FTP rules hamals
@ 2005-01-31 16:41 ` Jason Opperisano
0 siblings, 0 replies; 3+ messages in thread
From: Jason Opperisano @ 2005-01-31 16:41 UTC (permalink / raw)
To: netfilter
On Mon, Jan 31, 2005 at 05:40:24PM +0100, hamals@infinito.it wrote:
>
> my PCs behind my firewall didn't get ftp connection to
> any external ftp server. Why?
>
> /sbin/modprobe ip_contrack
> /sbin/modprobe ip_contrack_ftp
how about this as well:
/sbin/modprobe ip_nat_ftp
> # LAN -> INTERNET
> iptables -A FORWARD -i $LAN -o $INET -p tcp --dport 21 -j ACCEPT
> iptables -A FORWARD -i $LAN -o $INET -p tcp --dport 20 -j ACCEPT
second rule is unnecessary.
> # INTERNET ->LAN
> iptables - A FORWARD -i $INET -o $LAN -p tcp -m state --state ESTABLISHED, RELATED -j ACCEPT
you need to allow ESTABLISHED,RELATED packets from LAN -> INTERNET as
well, try using:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
instead of your rule above.
> # NAT
> iptables -t nat -A POSTROUTING -s $IPs_LAN -o $INET -j SNAT --to-source $INET_IP
-j
--
"My cat's breath smells like cat food."
--The Simpsons
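
Added example (not part of the thread and not netfilter code): the address and port of an FTP data connection are negotiated inside the port-21 control channel, which is why the reply above relies on the FTP conntrack/NAT helpers and an ESTABLISHED,RELATED rule rather than a --dport 20 rule. This Python code parses that negotiation and shows the address rewrite a NAT helper has to perform; the function names, sample lines and addresses are constructed for illustration.

```python
import re

# RFC 959 host-port form: h1,h2,h3,h4,p1,p2 (six decimal bytes).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_endpoint(line):
    """Return (kind, ip, port) announced by a control-channel line, else None.
    kind: "active" for a client PORT command, "passive" for a server 227 reply."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        kind = "active"
    elif text.startswith("227"):
        kind = "passive"
    else:
        return None
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return kind, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_flow(line):
    """Describe the data connection a stateful firewall should treat as RELATED."""
    ep = data_endpoint(line)
    if ep is None:
        return None
    kind, ip, port = ep
    # Active: server connects back to the client (INTERNET -> LAN).
    # Passive: client opens a second connection to the server (LAN -> INTERNET).
    direction = "INET->LAN" if kind == "active" else "LAN->INET"
    return {"direction": direction, "dst": (ip, port)}


def snat_port_command(line, public_ip):
    """Rewrite the private address in a PORT command to the SNAT address.
    The port is kept unchanged here; a real NAT helper may remap it too."""
    ep = data_endpoint(line)
    if ep is None or ep[0] != "active":
        return line
    port = ep[2]
    return "PORT %s,%d,%d" % (public_ip.replace(".", ","), port // 256, port % 256)


# Constructed sample control-channel lines (not taken from the thread).
SAMPLES = ["PORT 192,168,0,10,195,80", "227 Entering Passive Mode (203,0,113,5,19,137)"]
```

Neither negotiated port is 20 or 21 as a destination, and the two modes open the data connection in opposite directions, so the RELATED match has to apply both ways.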