FTP and iptables
I'm trying to set up a simple iptables firewall but I'm having problems getting FTP to work. The server is set up for passive mode on a set range, and the server has two interfaces: one on the internet, for which I want the firewall, and one on the local network. I don't need any routing. Perhaps later I may need routing if I get a VPN server set up, but not yet; I'll cross that bridge when I come to it. Any input would be appreciated.
P.S. I can post my script if requested, but Samba and FTP are currently down.
OK, I figured out that Samba thing: my internet work adapter lost its config on reboot, but for some reason FTP still won't connect internally?
Here's my file. I know there are many services that will generate these scripts, but I'm trying to learn as much as I can, so I would rather start now learning the most I can. For now I want to keep this as simple as possible and advance as I get comfortable with it.
#Load Expanded modules
echo "Loading expanded firewall modules"
# Set Policy
echo "Setting initial policy"
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Flush Existing Rules
echo "Flushing tables"
#Advanced rules for services
echo "Opening Server ports"
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8081 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 8081 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 8767:8770 -j ACCEPT
#FTP Passive ports
iptables -A INPUT -i eth0 -p tcp --dport 31000:31100 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 31000:31100 -j ACCEPT
#Add more services here
#Set to accept anything but new connections
echo "Allowing already Established connections"
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#Rules for local network
echo "Opening local network"
iptables -A INPUT -p tcp -i eth1 -j ACCEPT
iptables -A INPUT -p udp -i eth1 -j ACCEPT
iptables -A INPUT -p icmp -i eth1 -j ACCEPT
P.S. Anyone have any experience setting up an IPsec VPN with Openswan and openl2tpd on Slack 10?
What diagnostics are you getting when you try to connect to ftp internally?
Nvm, it works now. The FTP conf file I had before worked until I connected it to my LAN; then I had to reconfigure the virtual host. It's up now. However, there is one thing I'm still interested in: a good tutorial on routing in Linux, whether with iptables or something else (ebtables)? IP and IPX (older games).
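An added example, not part of the original thread: a shell function that prints an iptables-restore ruleset for a passive-mode FTP server with one internet-facing and one LAN interface. The interface names and passive range are the ones used in the script above; the function name `ftp_ruleset`, the control port 21 (the FTP default) and the single accept-all rule for the LAN interface are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a passive-mode FTP server.
# Usage: ftp_ruleset WAN_IF LAN_IF PASV_LOW PASV_HIGH
# Prints the ruleset on stdout; prints nothing and returns 1 on a bad port range.
ftp_ruleset() {
    wan=$1 lan=$2 lo=$3 hi=$4
    # Reject missing or non-numeric ports before emitting anything.
    for p in "$lo" "$hi"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: '$p'" >&2; return 1 ;;
        esac
    done
    # The passive range must be ordered and sit above the privileged ports.
    if [ "$lo" -lt 1024 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
        echo "bad passive range: $lo:$hi" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and the trusted LAN interface are allowed outright (assumption)
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Packets belonging to connections that are already tracked
-A INPUT -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT
# FTP control channel: TCP port 21 (assumed default)
-A INPUT -i $wan -p tcp --dport 21 -m state --state NEW -j ACCEPT
# Passive data channels: TCP only, FTP carries no data over UDP
-A INPUT -i $wan -p tcp --dport $lo:$hi -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Values from the thread: eth0 faces the internet, eth1 the LAN,
# passive range 31000-31100. To apply, pipe this output into
# iptables-restore as root.
ftp_ruleset eth0 eth1 31000 31100
```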