
Re: [cobalt-users] Firewall active but ftp no longer working

On Fri, 31 Oct 2003, R. Hamburg .: HaVa Web- & Processdesign :. wrote:

> Hi All,
>
> Long time no see.
>
> I have a firewall running ipchains and a script.
>
> Now there are some clients complaining of not being able to send mail and ftp.
>
> here are the related lines.
>
> /sbin/ipchains -A input -i eth0 -s 127.0.0.1 -j ACCEPT
>
> /sbin/ipchains -A input -i eth0 -s XXX.XXX.XXX.XXX -j ACCEPT
>
> /sbin/ipchains -A input -i eth0 -p tcp --destination-port 20:21 --syn -j
> ACCEPT
>
> /sbin/ipchains -A input -i eth0 -p tcp --destination-port 25 --syn -j ACCEPT
>
> /sbin/ipchains -A input -i eth0 -p tcp --destination-port 110 --syn -j
> ACCEPT
>
> /sbin/ipchains -A input -i eth0 -s 10.0.0.0/8 -d 0/0 -j DENY
> /sbin/ipchains -A input -i eth0 -s 172.16.0.0/12 -d 0/0 -j DENY
> /sbin/ipchains -A input -i eth0 -s 192.168.0.0/16 -d 0/0 -j DENY
> /sbin/ipchains -A input -i eth0 -s 127.0.0.0/8 -d 0/0 -j DENY
>
> /sbin/ipchains -A input -i eth0 -j DENY
>
> Note that XXX.XXX.XXX.XXX is the IP of the box. Note that this is not the
> complete list of rules but the ones considered necessary for this question.
> If you need more info please ask.
>
> I think this has something to do with passive and active ftp transfers using
> a high when connected. You can connect but it is not possible to list a dir
> in ftp or upload something. Any thoughts would be greatly appreciated.

# These are open to sockets created by connections allowed by ipchains
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
$IPCHAINS -A input -p udp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT

Gerald
--
http://frontstreetnetworks.com | http://store.raqware.com
  Front Street Networks LLC, 229 Front Street, Ste.#C
  New Haven, CT 06513-3203 | phone: +1-203-785-0699
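As an added illustration (not code from the thread or from Gerald): a small Python model of ipchains first-match evaluation over the input-chain lines quoted above, with Gerald's two high-port lines inserted before the final DENY. It shows that a passive-mode data connection to a high port is dropped by the original chain and accepted afterwards. The box IP and the client address are constructed stand-ins, and the chain only contains the lines shown in the thread.

```python
import ipaddress

# Rules are (target, proto, source network, dest-port range, syn-only?) and are
# evaluated first match wins, like an ipchains input chain. The set mirrors the
# lines quoted in the original post; XXX.XXX.XXX.XXX is replaced by a constructed address.
BOX_IP = "203.0.113.10"   # constructed stand-in for the box's own IP

def rule(target, proto="any", src="0.0.0.0/0", dport=(0, 65535), syn_only=False):
    return (target, proto, ipaddress.ip_network(src), dport, syn_only)

ORIGINAL = [
    rule("ACCEPT", src="127.0.0.1/32"),
    rule("ACCEPT", src=BOX_IP + "/32"),
    rule("ACCEPT", "tcp", dport=(20, 21), syn_only=True),
    rule("ACCEPT", "tcp", dport=(25, 25), syn_only=True),
    rule("ACCEPT", "tcp", dport=(110, 110), syn_only=True),
    rule("DENY", src="10.0.0.0/8"),
    rule("DENY", src="172.16.0.0/12"),
    rule("DENY", src="192.168.0.0/16"),
    rule("DENY", src="127.0.0.0/8"),
    rule("DENY"),                       # final catch-all from the post
]
# Gerald's two lines must sit before the catch-all DENY, otherwise they never match.
GERALDS = [rule("ACCEPT", "tcp", dport=(1023, 65535)), rule("ACCEPT", "udp", dport=(1023, 65535))]
PATCHED = ORIGINAL[:-1] + GERALDS + ORIGINAL[-1:]

def verdict(chain, proto, src, dport, syn):
    """Walk the chain in order; the first rule that matches the packet decides."""
    for target, r_proto, r_src, (lo, hi), syn_only in chain:
        if r_proto != "any" and r_proto != proto:
            continue
        if ipaddress.ip_address(src) not in r_src:
            continue
        if not (lo <= dport <= hi):
            continue
        if syn_only and not syn:
            continue
        return target
    return "DENY"   # default policy assumed DENY for this example

if __name__ == "__main__":
    client = "198.51.100.7"   # constructed remote FTP client
    # Control connection: SYN to port 21 is accepted by both chains.
    print("SYN to :21   ", verdict(ORIGINAL, "tcp", client, 21, True), verdict(PATCHED, "tcp", client, 21, True))
    # Passive data connection: client SYNs to the high port the server announced via PASV.
    print("SYN to :52000", verdict(ORIGINAL, "tcp", client, 52000, True), verdict(PATCHED, "tcp", client, 52000, True))
```

Note that the patched chain still denies packets from the private and loopback ranges, because those DENY lines come before Gerald's additions.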