The ip_conntrack_ftp module was missing.

----- Original Message -----
From: "Rogério Neves Batata" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, December 17, 2003 1:52 PM
Subject: Re: About iptables with FTP

On Wed, 17 Dec 2003 11:54:02 -0200
"Conrado" <[EMAIL PROTECTED]> wrote:

ipt_conntrack and ipt_state are strong candidates... :-)

Batata

#> Which module would that be, or how do I enable it?
#>
#> ----- Original Message -----
#> From: "Rogério Neves Batata" <[EMAIL PROTECTED]>
#> To: <[email protected]>
#> Sent: Wednesday, December 17, 2003 11:48 AM
#> Subject: Re: About iptables with FTP
#>
#> On Wed, 17 Dec 2003 11:47:48 -0200
#> "Conrado" <[EMAIL PROTECTED]> wrote:
#>
#> You need to have "state match support" enabled or, in this case,
#> the module loaded...
#>
#> #> It gave the following error:
#> #> Bad argument `ESTABLISHED,RELATED'
#> #> Try `iptables -h' or 'iptables --help' for more information.
#> #>
#> #> Why would that be? I ran a modprobe ip_nat_ftp beforehand.
#> #>
#> #> ----- Original Message -----
#> #> From: "Paulo Ricardo" <[EMAIL PROTECTED]>
#> #> To: <[email protected]>
#> #> Sent: Wednesday, December 17, 2003 11:34 AM
#> #> Subject: Re: About iptables with FTP
#> #>
#> #> > On Wed, 2003-12-17 at 10:42, Conrado wrote:
#> #> > > Here at the company I have a Linux computer that does the
#> #> > > Internet routing, but unfortunately, from my machine, which has
#> #> > > this server as its gateway, I cannot connect via FTP. I would
#> #> > > like a solution to this problem, or an explanation of why it
#> #> > > happens.
#> #> > >
#> #> > > I have this script to configure iptables:
#> #> > > #!/bin/bash
#> #> > > IPTABLES="/sbin/iptables"
#> #> > > INTRANET="192.168.0.0/16"
#> #> > >
#> #> > > # Enable forwarding
#> #> > > echo -ne "Habilitando ip_forward: "
#> #> > > echo 1 > /proc/sys/net/ipv4/ip_forward
#> #> > > echo "OK"
#> #> > >
#> #> > > # Flush the whole filter table
#> #> > > echo -ne "Limpando tabela filter: "
#> #> > > $IPTABLES -F > /dev/null
#> #> > > echo "OK"
#> #> > >
#> #> > > # Flush the nat table
#> #> > > echo -ne "Limpando tabela nat: "
#> #> > > $IPTABLES -t nat -F > /dev/null
#> #> > > echo "OK"
#> #> > >
#> #> > > # Change the policy to drop
#> #> > > #echo -ne "Mudando o policy para drop: "
#> #> > > #$IPTABLES -P FORWARD DROP > /dev/null
#> #> > > #echo "OK"
#> #> > >
#> #> > > # Allow forwarding for the local network
#> #> > > echo -ne "Forward para a rede local: "
#> #> > > $IPTABLES -I FORWARD -s 192.168.0.0/16 -j ACCEPT > /dev/null
#> #> > > $IPTABLES -I FORWARD -d 192.168.0.0/16 -j ACCEPT > /dev/null
#> #> > > echo "OK"
#> #> > >
#> #> > > # Do the masquerade
#> #> > > echo -ne "Masquerade: "
#> #> > > $IPTABLES -t nat -A POSTROUTING -s 0/0 -d 0/0 -j MASQUERADE > /dev/null
#> #> > > echo "OK"
#> #> >
#> #> > Hehehe, you don't have a firewall but rather Internet connection
#> #> > sharing, where the outside world (that is, the Internet) can see
#> #> > your whole internal network...
#> #> >
#> #> > Well, that is another problem.
#> #> >
#> #> > What is missing is:
#> #> >
#> #> > iptables -A FORWARD -m state ESTABLISHED,RELATED
#> #> > and loading the ip_nat_ftp modules
#> #> >
#> #> > Regards
#> #> > >
#> #> > > Thanks
#> #> > > Conrado
#> #> > --
#> #> > Paulo Ricardo Bruck - consultant
#> #> > Contato Global Solutions
#> #> > tel 011 5686-7977 011 5521-8049 cel 011 9235-4327
#> #> > R Bourbom, 56 04663-160 São Paulo SP
#> #> >
#> #> > --
#> #> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
#> #> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
#>
#> --
#> Rogério Neves Batata ([EMAIL PROTECTED])
#> Companhia de Informática do Paraná - Celepar
#> Linux User #87955
#>
#> /"\
#> \ /
#>  X   ASCII ribbon campaign - against html mail
#> / \
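
The pieces named across the thread (the FTP conntrack and NAT helper modules, the state match, and a default-deny FORWARD policy) put together as one gateway script. This is an added example, not code posted by anyone in the thread; the `EXT_IF` interface name and the `DRY_RUN` switch are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread. EXT_IF (the Internet-facing interface)
# and the DRY_RUN switch are assumptions of this example.
IPTABLES="${IPTABLES:-/sbin/iptables}"
INTRANET="192.168.0.0/16"
EXT_IF="${EXT_IF:-eth0}"
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the commands, 0 = execute them (needs root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

gateway_rules() {
    # FTP helpers named in the thread: ip_conntrack_ftp lets connection
    # tracking mark the FTP data connection as RELATED; ip_nat_ftp rewrites
    # the addresses in the FTP control channel for masqueraded clients.
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp
    run sysctl -w net.ipv4.ip_forward=1

    run "$IPTABLES" -F
    run "$IPTABLES" -t nat -F

    # Default-deny forwarding, so the internal network is not exposed.
    run "$IPTABLES" -P FORWARD DROP
    # The state list must follow --state and the rule needs a target; a bare
    # "-m state ESTABLISHED,RELATED" is rejected as a bad argument.
    run "$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections are accepted only from the intranet, heading outwards.
    run "$IPTABLES" -A FORWARD -s "$INTRANET" -o "$EXT_IF" -m state --state NEW -j ACCEPT
    # Masquerade only intranet traffic that leaves through EXT_IF.
    run "$IPTABLES" -t nat -A POSTROUTING -s "$INTRANET" -o "$EXT_IF" -j MASQUERADE
}

gateway_rules
```

Run it as is to review the commands, or with `DRY_RUN=0` as root to apply them. The module names are the ones used in the thread; on current kernels the same helpers are called nf_conntrack_ftp and nf_nat_ftp.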

