- 06-04-2005 #1 Just Joined!
- Join Date: Apr 2005
- Posts: 7
Ftp and IPtables
I'm trying to set up a simple iptables firewall, but I'm having problems getting FTP to work. The server is set up for passive mode on a set range, and the server has two interfaces: one on the internet, for which I want the firewall, and one on the local network. I don't need any routing. Perhaps later I may need routing if I get a VPN server set up, but not yet; I'll cross that bridge when I come to it. Any input would be appreciated.
P.S. I can post my script if requested, but Samba and FTP are currently down.
- 06-04-2005 #2 Just Joined!
- Join Date: Apr 2005
- Posts: 7
OK, I figured out that Samba thing: my internet work adapter lost its config on reboot, but for some reason FTP still won't connect internally?
Here's my file. I know there are many services that will generate these scripts, but I'm trying to learn as much as I can, so I would rather start now learning the most I can. For now I want to keep this as simple as possible and advance as I get comfortable with it.
#!/bin/bash
#Load Expanded modules
echo "Loading expanded firewall modules"
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ip_conntrack_ftp
# Set Policy
echo "Setting initial policy"
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Flush Existing Rules
echo "Flushing tables"
iptables -F
#Advanced rules for services
echo "Opening Server ports"
#Webserver
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
#FTP Server
iptables -A INPUT -i eth0 -p tcp --dport 8081 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 8081 -j ACCEPT
#Terminal SSH
iptables -A INPUT -i eth0 -p tcp --dport ssh -j ACCEPT
#Teamspeak
iptables -A INPUT -i eth0 -p udp --dport 8767:8770 -j ACCEPT
#FTP Passive ports
iptables -A INPUT -i eth0 -p tcp --dport 31000:31100 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 31000:31100 -j ACCEPT
#Add more services here
#Set to accept anything but new connections
echo "Allowing already Established connections"
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#Rules for local network
echo "Opening local network"
iptables -A INPUT -p tcp -i eth1 -j ACCEPT
iptables -A INPUT -p udp -i eth1 -j ACCEPT
iptables -A INPUT -p icmp -i eth1 -j ACCEPT
P.S. Anyone have any experience setting up an IPsec VPN with Openswan and openl2tpd on Slack 10?
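The firewall from the post above, reworked as an added example that is not part of the original thread: it prints the same policy in iptables-restore format, tells the FTP conntrack helper about control port 8081 (it only watches port 21 by default), adds a loopback rule, and leaves out the UDP rules that FTP does not use. The function names and the USE_HELPER switch are assumptions; interfaces, ports and the passive range are taken from the post.

```shell
#!/bin/sh
# Added example, not the poster's script. Interfaces, ports and the passive
# range come from the post; USE_HELPER and the function names are assumptions.
WAN_IF=eth0
LAN_IF=eth1
FTP_PORT=8081
PASV_RANGE=31000:31100
USE_HELPER=${USE_HELPER:-1}   # 1: conntrack helper opens data ports; 0: static range

# The FTP helper only inspects port 21 by default, so the non-standard
# control port must be passed in (module name as loaded in the post).
helper_cmd() {
    echo "/sbin/modprobe ip_conntrack_ftp ports=21,${FTP_PORT}"
}

# tcp_in PORT: accept new TCP connections to PORT on the internet side.
tcp_in() {
    echo "-A INPUT -i ${WAN_IF} -p tcp --dport $1 -m state --state NEW -j ACCEPT"
}

# Print the filter table in iptables-restore format, which is applied in one
# commit instead of rule by rule.
emit_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"    # loopback, absent from the post
    # Replies and helper-flagged FTP data connections, on any interface.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for proto in tcp udp icmp; do
        echo "-A INPUT -i ${LAN_IF} -p ${proto} -j ACCEPT"
    done
    tcp_in 8080            # web server
    tcp_in "${FTP_PORT}"   # FTP control; FTP is TCP only, so no UDP rule
    tcp_in 22              # SSH
    echo "-A INPUT -i ${WAN_IF} -p udp --dport 8767:8770 -j ACCEPT"  # TeamSpeak
    # Without the helper (or when TLS hides the PASV reply from it), the
    # passive range has to stay open statically.
    [ "${USE_HELPER}" = "1" ] || tcp_in "${PASV_RANGE}"
    echo "COMMIT"
}

# Print everything when called with --print; review, then check as root with:
#   emit_rules | iptables-restore --test   (parse only, no changes)
if [ "${1:-}" = "--print" ]; then helper_cmd; emit_rules; fi
```

With USE_HELPER=1 the passive data connections are admitted by the RELATED state match, so ports 31000:31100 are not left open to unrelated traffic.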
- 06-04-2005 #3 Linux Engineer
- Join Date: Feb 2005
- Posts: 1,043
What diagnostics are you getting when you try to connect to ftp internally?
- 06-05-2005 #4 Just Joined!
- Join Date: Apr 2005
- Posts: 7
Nvm, it works now. The FTP conf file I had before worked until I connected it to my LAN; then I had to re-configure the virtual host. It's up now. However, there is one thing I'm still interested in: a good tutorial on routing in Linux, whether with iptables or something else (ebtables)? IP and IPX (older games).


