[Masq] ipchains and FTP Server

Wed, 18 Jul 2001 11:45:10 -0700 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


I am using the following script for FTP access.  I can't seem to get it
to work correctly.  Users neet to be able to have access to update their
web sites from the Internet (eth0) and I need access from the private
network (eth1).  I would appreciate any help in resolving this issue.

Thanks in advance,

Jack


    # ------------------------------------------------------------------
    # FTP client (20, 21)
    # -------------------

    # incoming request
    
    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $ANYWHERE $UNPRIVPORTS \
             -d $IPADDR 21 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR 21 \
             -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

    # PORT mode data channel responses
    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
            -s $ANYWHERE $UNPRIVPORTS \
            -d $IPADDR 20 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
            -s $IPADDR 20 \
            -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

    # PASSIVE mode data channel responses
    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
            -s $ANYWHERE $UNPRIVPORTS \
            -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
            -s $IPADDR $UNPRIVPORTS \
            -d $ANYWHERE $UNPRIVPORTS -j ACCEPT


Log file from WS-FTP when connecting to RedHat:
(I'm not sure what the illegal port is.)

connecting to 63.240.14.69:21
Connected to 63.240.14.69 port 21
220 "Red Hat FTP server ready. All transfers are logged, please have a
nice day."
USER anonymous
331 Guest login ok, send your complete e-mail address as password.
PASS (hidden)
230 Guest login ok, access restrictions apply.
PWD
257 "/" is current directory.
SYST
215 UNIX Type: L8
Host type (S): UNIX (standard)
PORT 192,168,1,11,18,254
500 Illegal PORT Command
! Failed "port":
! Retrieve of directory listing failed (0)

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to