List, I've got a 7.2 box running IPTables as my firewall...it won't allow PASV ftp connections through...this is not good. I've got the necessary modules loaded (I think) and my startup script is good.. can someone tell me what I'm missing...
TIA
/B

-- My Loaded Modules

autofs                 11232   0 (autoclean) (unused)
3c59x                  25216   1
tulip                  37728   1
ipt_state               1024   1 (autoclean)
iptable_mangle          2160   0 (autoclean) (unused)
ipt_MASQUERADE          1664   1 (autoclean)
iptable_nat            16528   0 (autoclean) [ipt_MASQUERADE]
iptable_filter          2128   0 (autoclean) (unused)
ip_conntrack_ftp        3824   0 (unused)
ip_conntrack           15824   3 [ipt_state ipt_MASQUERADE iptable_nat ip_conntrack_ftp]
ip_tables              10944   7 [ipt_state iptable_mangle ipt_MASQUERADE iptable_nat iptable_filter]
ext3                   61936   2
jbd                    38976   2 [ext3]

-- My (lame) script:

# Load each module only if lsmod does not already list it.
# The test needs command substitution; a bare quoted string is never empty,
# so the loop would never load anything.
for module in ip_tables iptable_filter ip_conntrack_ftp ip_nat_ftp; do
    if [ -z "$(lsmod | grep $module)" ]; then
        echo "Loading $module kernel module"
        insmod --lock --autoclean $module
    fi
done

# Clear the iptables rules
echo \* Clearing iptables configuration
for filter in nat filter mangle; do
    iptables -t $filter -F
    iptables -t $filter -X
    iptables -t $filter -Z
done

# Start Building our rules
echo \* Setting Loopback rules
# Loopback rule...allow everything on lo
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Setup our NAT rules
echo \* Setting NAT rules
# iptables -t filter -A FORWARD -j localrules
# The 10.0.0.0 network
iptables -t nat -A POSTROUTING -o eth1 -s 10.0.0.0/24 -d 0/0 -j MASQUERADE

# Setup external interface rules
echo \* Setting external rules
# Allow SSH
iptables -t filter -A INPUT -i eth1 -m tcp -p tcp --dport 22 -j ACCEPT
# Allow established or related connections (ftp, etc)
iptables -t filter -A INPUT -i eth1 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop all new incoming packets here (request to connect)
# iptables -t filter -A INPUT -i eth1 -m state --state NEW -j DROP
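
Added example (not part of the original post): a check of an lsmod listing against the four modules the script's load loop names, matching exactly on the module-name column. The sample listing is copied from the netfilter lines of the post; the function name missing_modules is hypothetical.

```shell
#!/bin/sh
# Added example: report which required modules are absent from an lsmod listing.
# The name is compared exactly against column 1, so "ip_conntrack" is not
# satisfied by an "ip_conntrack_ftp" line (a plain substring grep matches both).

# missing_modules LISTING MODULE...
# LISTING is lsmod-style text; prints each MODULE not found in it, one per line.
missing_modules() {
    listing=$1
    shift
    for module in "$@"; do
        printf '%s\n' "$listing" |
            awk -v m="$module" '$1 == m { found = 1 } END { exit !found }' ||
            printf '%s\n' "$module"
    done
}

# Sample input: the netfilter-related lines of the lsmod listing in the post.
SAMPLE_LSMOD='ipt_state 1024 1 (autoclean)
iptable_mangle 2160 0 (autoclean) (unused)
ipt_MASQUERADE 1664 1 (autoclean)
iptable_nat 16528 0 (autoclean) [ipt_MASQUERADE]
iptable_filter 2128 0 (autoclean) (unused)
ip_conntrack_ftp 3824 0 (unused)
ip_conntrack 15824 3 [ipt_state ipt_MASQUERADE iptable_nat ip_conntrack_ftp]
ip_tables 10944 7 [ipt_state iptable_mangle ipt_MASQUERADE iptable_nat iptable_filter]'

# Modules named in the post's load loop.
REQUIRED="ip_tables iptable_filter ip_conntrack_ftp ip_nat_ftp"

# Check the sample; on a live box: missing_modules "$(lsmod)" $REQUIRED
missing_modules "$SAMPLE_LSMOD" $REQUIRED
```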