Hi All,

I still have trouble with FTP. A user is able to log in, but cannot retrieve any data (also no 'ls' because of that). Here are the lines in my fw-script about FTP:
$IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 20 ! --syn -j ACCEPT
$IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0/0 -d $NET --dport 20 -j ACCEPT
$IPT -t filter -A INPUT -p tcp -s 0/0 -d $NET --destination-port 21 -j ACCEPT
$IPT -A INPUT -i $NET -m state --state NEW,ESTABLISHED,RELATED -p tcp -s 0/0 -d $NET --dport 21 -j ACCEPT

What is wrong here?

Pim

On Wed, 13 Oct 2004 07:40:09 -0700 (PDT), Sergio Basurto <[EMAIL PROTECTED]> wrote:
>
> On Wed, 13 Oct 2004 16:35:46 +0200, Pim Bliek wrote:
> >
> > That worked! Thanx a lot!
> > I am not sure I understand how it works, but it works :)
> >
> > Pim
> >
> > On Wed, 13 Oct 2004 07:00:30 -0700 (PDT), Sergio Basurto <[EMAIL PROTECTED]> wrote:
> > > On Wed, 13 Oct 2004 15:37:35 +0200, Pim Bliek wrote:
> > > >
> > > > Hi All,
> > > >
> > > > I am trying to get a firewall running, but I am no networking expert.
> > > > I use Debian Sid, and kernel 2.4.25-1-386 (yes I need to upgrade ;)).
> > > (...)
> > > > Regards,
> > > > Pim Bliek
> > > >
> > > You must add something like this; adapt it to your script variables.
> > > iptables -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 80 -j ACCEPT
> > >
> > > In the line above you specify that connections to your host on port 80 are allowed.
> > >
> > > Also, you can get excellent documentation at the following link:
> > > www.netfilter.org
> > >
> > > Just adapt this to your script.
> > >
> > > I hope this helps.
> > >
> > > I recommend that you separate your rules in the following order in your script
> > >
> > > INPUT
> > > OUTPUT
> > > FORWARD
> > > PREROUTING
> > > POSTROUTING
> > >
> > > in order to make it more readable.
> > >
> > > Regards.
> > >
> > > --
> > > Sergio Basurto J.
> > >
> > > If I have seen further it is by standing on the shoulders of giants.
> > > (Isaac Newton)
> > > --
> > > --
> > >
> > > Ing. Sergio Basurto Juárez
> > > Tel: 04455-85322945