Re: [cobalt-users] Firewall active but ftp no longer working
- Subject: Re: [cobalt-users] Firewall active but ftp no longer working
- From: "R. Hamburg .: HaVa Web- & Processdesign :." <user@xxxxxxx>
- Date: Fri Oct 31 08:52:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
From: "Gerald Waugh" <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, October 31, 2003 5:39 PM
Subject: Re: [cobalt-users] Firewall active but ftp no longer working
> On Fri, 31 Oct 2003, R. Hamburg .: HaVa Web- & Processdesign :. wrote:
>
> > Hi All,
> >
> > Long time no see.
> >
> > I have a firewall running ipchains and a script
>
> > now there are some clients complaining not being able to send mails and ftp
> >
> > here are the related lines.
> >
> > /sbin/ipchains -A input -i eth0 -s 127.0.0.1 -j ACCEPT
> >
> > /sbin/ipchains -A input -i eth0 -s XXX.XXX.XXX.XXX -j ACCEPT
> >
> > /sbin/ipchains -A input -i eth0 -p tcp --destination-port 20:21 --syn -j ACCEPT
> >
> > /sbin/ipchains -A input -i eth0 -p tcp --destination-port 25 --syn -j ACCEPT
> >
> > /sbin/ipchains -A input -i eth0 -p tcp --destination-port 110 --syn -j ACCEPT
> >
> > /sbin/ipchains -A input -i eth0 -s 10.0.0.0/8 -d 0/0 -j DENY
> > /sbin/ipchains -A input -i eth0 -s 172.16.0.0/12 -d 0/0 -j DENY
> > /sbin/ipchains -A input -i eth0 -s 192.168.0.0/16 -d 0/0 -j DENY
> > /sbin/ipchains -A input -i eth0 -s 127.0.0.0/8 -d 0/0 -j DENY
> >
> > /sbin/ipchains -A input -i eth0 -j DENY
> >
> > Note that XXX.XXX.XXX.XXX is the IP of the box. Note that this is not the
> > complete list of rules but the ones considered needed for this question.
> > If you need more info please ask.
> >
> > I think this has something to do with passive and active ftp transfers using
> > a high when connected. You can connect but it is not possible to list a dir
> > in ftp or upload something. Any thoughts would be greatly appreciated.
> >
>
> # These are open to sockets created by connections allowed by ipchains
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
> $IPCHAINS -A input -p udp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
>
Hi Gerald,
How have you defined remotenet and outernet?
Can you specify the range you defined, please?
Thanks,
Rob
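
The rule behaviour discussed in this thread, as an added example that is not part of any poster's message: a first-match model of the quoted input chain, showing that a passive-mode FTP data connection to a high port falls through to the final DENY. The addresses, the port 50000, and the values used for `$REMOTENET` and `$OUTERNET` are constructed placeholders, not the definitions asked about above.

```python
import ipaddress
from collections import namedtuple

# Constructed sample values (not from the thread): BOX stands in for the
# masked XXX.XXX.XXX.XXX, CLIENT for a remote FTP user.
BOX, CLIENT = "192.0.2.10", "198.51.100.7"

Rule = namedtuple("Rule", "target src dst proto dports syn_only")
Packet = namedtuple("Packet", "src dst proto dport syn ack")

def rule(target, src="0.0.0.0/0", dst="0.0.0.0/0", proto=None,
         dports=(0, 65535), syn_only=False):
    return Rule(target, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                proto, dports, syn_only)

# The input-chain rules quoted in the post, in order (all on eth0).
QUOTED = [
    rule("ACCEPT", src="127.0.0.1"),
    rule("ACCEPT", src=BOX),
    rule("ACCEPT", proto="tcp", dports=(20, 21), syn_only=True),
    rule("ACCEPT", proto="tcp", dports=(25, 25), syn_only=True),
    rule("ACCEPT", proto="tcp", dports=(110, 110), syn_only=True),
    rule("DENY", src="10.0.0.0/8"),
    rule("DENY", src="172.16.0.0/12"),
    rule("DENY", src="192.168.0.0/16"),
    rule("DENY", src="127.0.0.0/8"),
    rule("DENY"),
]

# The suggested high-port rule. Assumed placeholders: $REMOTENET = any source,
# $OUTERNET = the box. It must sit before the catch-all DENY to take effect.
HIGH_PORTS = rule("ACCEPT", dst=BOX, proto="tcp", dports=(1023, 65535))
WITH_HIGH_PORTS = QUOTED[:-1] + [HIGH_PORTS, QUOTED[-1]]

def verdict(chain, pkt):
    """Return the target of the first matching rule, as ipchains does."""
    for r in chain:
        if (ipaddress.ip_address(pkt.src) in r.src
                and ipaddress.ip_address(pkt.dst) in r.dst
                and r.proto in (None, pkt.proto)
                and r.dports[0] <= pkt.dport <= r.dports[1]
                # --syn: SYN set and ACK clear (FIN is not modelled here)
                and (not r.syn_only or (pkt.syn and not pkt.ack))):
            return r.target
    return "POLICY"  # not reached: both chains end in a catch-all DENY

control_syn = Packet(CLIENT, BOX, "tcp", 21, True, False)
passive_data_syn = Packet(CLIENT, BOX, "tcp", 50000, True, False)  # constructed PASV port
```

With these assumed values the added rule accepts any TCP packet addressed to ports 1023 to 65535 on the box, so every service listening on a high port becomes reachable from the source range chosen for `$REMOTENET`.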