----- Original Message -----
From: "Arief Yudhawarman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 30, 2004 1:02 PM
Subject: [tanya-jawab] client FTP access behind firewall (iptables)

> Hi list members,
>
> Until now I have been using ipchains as the firewall on a Red Hat 7.3
> Linux machine. Now I am trying out iptables, which is already included
> in the Red Hat packages. This Linux machine connects to the internet via
> dialup. I ran my tests from a Win98 client using the
> "Iptables Tutorial 1.1.19" script, with the example script
> rc.DHCP.firewall modified for dialup. The Win98 client can already
> browse the internet, use IRC, MSN, etc., except FTP: it can get in
> (log in) but cannot display the listing or directory contents.
> I use CuteFTP to connect to the internet, the PASSIVE option is
> already checked, and the following messages appear:
>
> STATUS:> Connect: Thursday 12:28:38 09-30-2004
> STATUS:> Connecting to domain.com
> STATUS:> Connecting to domain.com (ip = 203.x.x.x)
> STATUS:> Socket connected. Waiting for welcome message...
> 220 (vsFTPd 1.1.3)
> STATUS:> Connected. Authenticating...
> COMMAND:> USER username
> 331 Please specify the password.
> COMMAND:> PASS ********
> 230 Login successful. Have fun.
> STATUS:> Login successful
> STATUS:> This site can resume broken downloads
> COMMAND:> PWD
> 257 "/"
> STATUS:> Retrieving directory listing...
> COMMAND:> PASV
> 227 Entering Passive Mode (203,130,252,37,109,220)
> COMMAND:> LIST
> STATUS:> Connecting data socket...
> ERROR:> Failed to establish data socket
> ERROR:> Interrupted
> STATUS:> Trashed response received
> 425 Failed to establish connection.
> STATUS:> Retrieving directory listing...
> COMMAND:> PASV
> 227 Entering Passive Mode (203,130,252,37,149,253)
> COMMAND:> LIST
> STATUS:> Connecting data socket...
> ERROR:> Failed to establish data socket
> 425 Failed to establish connection.
> ERROR:> File error
>
>
> The firewall script file already contains:
>
> # 2. Module loading.
> /sbin/depmod -a
> /sbin/modprobe ip_conntrack
> /sbin/modprobe ip_tables
> /sbin/modprobe iptable_filter
> /sbin/modprobe iptable_mangle
> /sbin/modprobe iptable_nat
> /sbin/modprobe ipt_LOG
> /sbin/modprobe ipt_limit
> /sbin/modprobe ipt_MASQUERADE
> # 2.2 Non-Required modules
> /sbin/modprobe ipt_owner
> /sbin/modprobe ipt_REJECT
> /sbin/modprobe ip_conntrack_ftp
> /sbin/modprobe ip_conntrack_irc
> /sbin/modprobe ip_nat_ftp
> /sbin/modprobe ip_nat_irc
> # 3.1 Required proc configuration
> echo "1" > /proc/sys/net/ipv4/ip_forward
> # 3.2 Non-Required proc configuration
> echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
> echo "1" > /proc/sys/net/ipv4/conf/all/proxy_arp
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>
> Then in the firewall log there is this message:
>
> server kernel: divert: no divert_blk to free, ppp0 not ethernet
>
> Has anyone experienced the above?
>
> --

++
I ran into the same thing, and there is even one more issue, namely
browsing to a web site such as: https://host.some-domain.com:19638 .
Have you tried browsing to something like this, and does it work?

Because I was in a hurry I ended up installing giptables
( www.giptables.org ) temporarily; because it is simple & flexible I
ended up spoiled by its script, so "temporary" has turned into years,
he he ... Give it a try, who knows, it might be a solution.

Sorry, once again I am not answering the question but offering another
solution, or maybe this is even OOT? ;)

Regards,
-rianu-
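
Each 227 reply in the CuteFTP log names the address and port to which the client opens its data connection; that outbound connection is what the firewall has to pass, either as a new forwarded connection or as one the ip_conntrack_ftp helper marks RELATED. As an added example that is not part of the original messages (the function names are hypothetical), this decodes those endpoints and reports which FTP helper modules named in the quoted script are missing from `lsmod` output:

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# pasv_endpoint LINE: print "ip:port" for a "227 ... (h1,h2,h3,h4,p1,p2)" reply,
# or return 1 when LINE carries no valid tuple. Fields are assumed to be plain
# decimal without leading zeros, as in the replies quoted in the thread.
pasv_endpoint() {
    tuple=$(printf '%s\n' "$1" |
        sed -n 's/.*227[^(]*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple                      # split into h1..h4 p1 p2
    IFS=$old_ifs
    for n in "$@"; do
        [ "$n" -le 255 ] || return 1   # every field is one octet
    done
    # The data port is p1*256 + p2.
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# data_endpoints: read an FTP client log on stdin, print each data endpoint.
data_endpoints() {
    while IFS= read -r line; do
        pasv_endpoint "$line" || :
    done
}

# missing_ftp_helpers: read `lsmod` output on stdin and print each FTP helper
# module from the quoted firewall script that is not loaded.
missing_ftp_helpers() {
    loaded=$(awk '{ print $1 }')
    for m in ip_conntrack_ftp ip_nat_ftp; do
        printf '%s\n' "$loaded" | grep -qx "$m" || echo "$m"
    done
}

# Constructed sample: the two 227 replies from the CuteFTP log in the thread.
printf '%s\n' \
    '227 Entering Passive Mode (203,130,252,37,109,220)' \
    '227 Entering Passive Mode (203,130,252,37,149,253)' | data_endpoints
```

On the firewall host, `lsmod | missing_ftp_helpers` prints nothing when both helpers are loaded.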
