Fedora Linux Support Community & Resources Center
  #1  
Old 26th July 2007, 04:04 PM
cbrenchley Offline
Registered User
 
Join Date: Dec 2006
Location: New York, New York
Posts: 36
iptable setup

Hope someone can help me on this. I have searched the forum and have not found any info on this exact subject. I need to set up iptables for FTP to accept the local traffic only and one remote IP address. This is what I have in my table now.

:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8485:2850257]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -s 70.xx.xx.x/24 --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -s 10.1.10.0/24 --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Jul 24 12:43:45 2007

These are the two lines that I'm working with:
-A RH-Firewall-1-INPUT -p tcp -s 70.xx.xx.x/24 --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -s 10.1.10.0/24 --dport 21 -j ACCEPT


This code does not work. Do I need to place both addresses on the same line?
Seems that it reads the first line and skips the second.
Please, if anyone has an idea, I would like to hear it.
  #2  
Old 26th July 2007, 05:18 PM
William Haller Online
Registered User
 
Join Date: Jul 2005
Age: 54
Posts: 1,081
Check http://slacksite.com/other/ftp.html for a description of active and passive FTP. For an active connection, the server is connecting from 20 to a port on the client. You have it set up the other way around. If you want an incoming connection, use passive FTP. It's a bit easier to firewall.

http://www.ncftp.com/ncftpd/doc/misc...firewalls.html is also a good description of all the problems each mode can have with respect to firewalls.
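Following the reply above, here is an added example (not code from either poster) that writes the two source restrictions as an iptables-restore ruleset for passive FTP, with the data connections matched as RELATED through the FTP conntrack helper instead of an INPUT rule for port 20. The remote network, the passive port range and the helper module names are assumptions; the thread only shows the poster's chain layout and a masked 70.xx.xx.x/24 address.

```shell
#!/bin/sh
# Added example, not from the thread: an iptables-restore ruleset that allows
# FTP only from the local LAN and one remote network, relying on passive mode
# and the FTP conntrack helper so data connections are matched as RELATED.
# Network values are assumed placeholders; REMOTE_NET stands for the poster's
# 70.xx.xx.x/24, which the thread does not spell out.
LOCAL_NET="10.1.10.0/24"
REMOTE_NET="203.0.113.0/24"   # placeholder for the poster's 70.xx.xx.x/24
PASV_RANGE="50000:50100"      # must match the FTP daemon's passive port range
CHAIN="RH-Firewall-1-INPUT"   # chain name used by the poster's ruleset

rule() { printf '%s\n' "$*"; }   # one iptables-restore line per call

# The helper parses PASV/PORT replies on the port 21 session and marks the
# resulting data connections RELATED. The module was renamed across kernels.
load_ftp_helper() {
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
}

ftp_rules() {
    rule '*filter'
    rule ':INPUT ACCEPT [0:0]'
    rule ':FORWARD ACCEPT [0:0]'
    rule ':OUTPUT ACCEPT [0:0]'
    rule ":$CHAIN - [0:0]"
    rule -A INPUT -j "$CHAIN"
    rule -A FORWARD -j "$CHAIN"
    rule -A "$CHAIN" -i lo -j ACCEPT
    # Data connections set up by the helper match here as RELATED.
    rule -A "$CHAIN" -m state --state RELATED,ESTABLISHED -j ACCEPT
    for net in "$LOCAL_NET" "$REMOTE_NET"; do
        # Control channel: one rule per permitted source network.
        rule -A "$CHAIN" -p tcp -m state --state NEW -m tcp -s "$net" --dport 21 -j ACCEPT
        # Passive data range: fallback if the helper is not loaded, still
        # limited to the same two networks instead of opened to everyone.
        rule -A "$CHAIN" -p tcp -m state --state NEW -m tcp -s "$net" --dport "$PASV_RANGE" -j ACCEPT
    done
    # No rule for --dport 20: in active mode the server opens that connection
    # outbound from port 20, so an INPUT rule on port 20 never matches.
    rule -A "$CHAIN" -j REJECT --reject-with icmp-host-prohibited
    rule COMMIT
}

# Without arguments the script only prints the ruleset for review.
if [ "${1:-}" = apply ]; then    # as root: sh ftp-rules.sh apply
    load_ftp_helper && ftp_rules | iptables-restore
fi
```

Run it without arguments first and compare the printed rules against the current `iptables-save` output before applying; the passive range in PASV_RANGE has to be the one configured in the FTP daemon or the fallback rules match nothing.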