Find the answer to your Linux question:
Results 1 to 4 of 4
I'm trying to set up a simple iptables firewall but I'm having problems getting FTP to work, the server is set up for passive mode on a set range and ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2005
    Posts
    7

    Ftp and IPtables


    I'm trying to set up a simple iptables firewall but I'm having problems getting FTP to work, the server is set up for passive mode on a set range and the server has two interfaces one on the internet for which I want the firewall and one on the local network. I don't need any routing. Perhaps later I may need routing if I get a VPN server set up but not yet I'll cross that bridge when I come to it. any input would be appreciated
    p.s I can post my script if requested but samba and ftp are currently down

  2. #2
    Just Joined!
    Join Date
    Apr 2005
    Posts
    7
    ok I figued out that smaba thing my internet work adapter lost its config on reboot but for some reason ftp still won't connect internally?
    Heres my file and I know there are many services that will generate these scripts but I'm trying to learn as much as I can so I would rather start now learning the most I can. For now I wan to keep this as simple as possible and advance as I get comfortable with it.

    #!/bin/bash

    #Load Expanded modules

    echo "Loading expanded firewall modules"
    /sbin/modprobe ip_conntrack
    /sbin/modprobe ip_tables
    /sbin/modprobe iptable_filter
    /sbin/modprobe iptable_mangle
    /sbin/modprobe iptable_nat
    /sbin/modprobe ipt_LOG
    /sbin/modprobe ip_conntrack_ftp

    # Set Policy

    echo "Setting initial policy"
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD DROP

    # Flush Exsisting Rules

    echo "Flushing tables"
    iptables -F

    #Advanced rules for services

    echo "Opening Server ports"
    #Webserver
    iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT

    #FTP Server
    iptables -A INPUT -i eth0 -p tcp --dport 8081 -j ACCEPT
    iptables -A INPUT -i eth0 -p udp --dport 8081 -j ACCEPT

    #Terminal SSH
    iptables -A INPUT -i eth0 -p tcp --dport ssh -j ACCEPT

    #Teamspeak
    iptables -A INPUT -i eth0 -p udp --dport 8767:8770 -j ACCEPT

    #FTP Passive ports
    iptables -A INPUT -i eth0 -p tcp --dport 31000:31100 -j ACCEPT
    iptables -A INPUT -i eth0 -p udp --dport 31000:31100 -j ACCEPT

    #Add more services here


    #Set to accept any thing but new connections
    echo "Allowing already Established connections"
    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT


    #Rules for local network
    echo "Opening local network"
    iptables -A INPUT -p tcp -i eth1 -j ACCEPT
    iptables -A INPUT -p udp -i eth1 -j ACCEPT
    iptables -A INPUT -p icmp -i eth1 -j ACCEPT

    p.s. anyone have any experience setting up an ipsec vpn with openswan and openl2tpd on slack 10

  3. #3
    scm
    scm is offline
    Linux Engineer
    Join Date
    Feb 2005
    Posts
    1,044
    What diagnostics are you getting when you try to connect to ftp internally?

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Apr 2005
    Posts
    7
    nvm it works now the ftp conf file I had before worked until I connected it to my lan then I had to re-configure the virtual host it's up now.however, there is one thing I'm interested in still is a good tutorial on routing in linux whether with ip tables or something else (ebtables)? IP and IPX(older games).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •