
Re: [cobalt-users] Firewall active but ftp no longer working



On Fri, 31 Oct 2003, R. Hamburg .: HaVa Web- & Processdesign :. wrote:
>
> > On Fri, 31 Oct 2003, R. Hamburg .: HaVa Web- & Processdesign :. wrote:
> >
> > > Hi All,
> > >
> > > Long time no see.
> > >
> > > I have a firewall running ipchains and a script
> >
> > > now there are some clients complaining not being able to send mails and
> > > ftp
> > >
> > > here are the related lines.
> > >
> > > /sbin/ipchains -A input -i eth0 -s 127.0.0.1 -j ACCEPT
> > >
> > > /sbin/ipchains -A input -i eth0 -s XXX.XXX.XXX.XXX -j ACCEPT
> > >
> > > /sbin/ipchains -A input -i eth0 -p tcp --destination-port 20:21 --syn -j
> > > ACCEPT
> > >
> > > /sbin/ipchains -A input -i eth0 -p tcp --destination-port 25 --syn -j
> > > ACCEPT
> > >
> > > /sbin/ipchains -A input -i eth0 -p tcp --destination-port 110 --syn -j
> > > ACCEPT
> > >
> > > /sbin/ipchains -A input -i eth0 -s 10.0.0.0/8 -d 0/0 -j DENY
> > > /sbin/ipchains -A input -i eth0 -s 172.16.0.0/12 -d 0/0 -j DENY
> > > /sbin/ipchains -A input -i eth0 -s 192.168.0.0/16 -d 0/0 -j DENY
> > > /sbin/ipchains -A input -i eth0 -s 127.0.0.0/8 -d 0/0 -j DENY
> > >
> > > /sbin/ipchains -A input -i eth0 -j DENY
> > >
> > > note that XXX.XXX.XXX.XXX is the ip of the box. Note that this is not
> > > the complete list of rules but the ones considered needed for this
> > > question.
> > > If you need more info please ask.
> > >
> > > I think this has something to do with passive and active ftp transfers
> > > using a high when connected. You can connect but it is not possible to
> > > list a dir in ftp or upload something. Any thought would be greatly
> > > appreciated.
> >
> > # These are open to sockets created by connections allowed by ipchains
> > $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
> > $IPCHAINS -A input -p udp -s $REMOTENET -d $OUTERNET 1023:65535 -j ACCEPT
> >
>
> Hi Gerald,
>
> How have you defined REMOTENET and OUTERNET?
>
> Can you specify the range you defined, please?
>
# external interface; REMOTENET=0/0 means "any source address"
OUTERIF=eth0
REMOTENET=0/0
# pull the interface's own address and netmask out of the ifconfig output
OUTERIP=`ifconfig $OUTERIF | grep inet | cut -d : -f 2 | cut -d \  -f 1`
OUTERMASK=`ifconfig $OUTERIF | grep Mas | cut -d : -f 4`
# OUTERNET becomes e.g. 192.0.2.10/255.255.255.0, used as the -d of the high-port rules
OUTERNET=$OUTERIP/$OUTERMASK

REMOTENET is 0/0
OUTERNET is IP address/netmask

Gerald
--
http://frontstreetnetworks.com | http://store.raqware.com
  Front Street Networks LLC, 229 Front Street, Ste.#C
  New Haven, CT 06513-3203 | phone: +1-203-785-0699
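To show why the quoted input chain breaks passive FTP and what Gerald's two high-port rules change, here is an added simulation (not code from the thread or from ipchains) that evaluates the quoted rules first-match-wins over constructed packets; BOX_IP, CLIENT, the port numbers and the placement of Gerald's rules just before the catch-all DENY are assumptions.

```python
import ipaddress

# Constructed, stateless model of an ipchains "input" chain: first matching rule wins.
BOX_IP = "192.0.2.10"        # placeholder for XXX.XXX.XXX.XXX in the original post
CLIENT = "198.51.100.7"      # constructed remote FTP client
def rule(target, src=None, proto=None, dport=None, syn=None):
    # dport is an inclusive (low, high) range; syn=True mirrors "--syn"
    return {"target": target, "src": src, "proto": proto, "dport": dport, "syn": syn}
def pkt(src, proto, dport, syn):
    return {"src": ipaddress.ip_address(src), "proto": proto, "dport": dport, "syn": syn}
def matches(r, p):
    if r["src"] is not None and p["src"] not in ipaddress.ip_network(r["src"], strict=False):
        return False
    if r["proto"] is not None and p["proto"] != r["proto"]:
        return False
    if r["dport"] is not None and not (r["dport"][0] <= p["dport"] <= r["dport"][1]):
        return False
    if r["syn"] is not None and p["syn"] != r["syn"]:
        return False
    return True

def evaluate(chain, p):
    for r in chain:
        if matches(r, p):
            return r["target"]
    return "ACCEPT"  # chain policy; unreachable here because of the trailing catch-all DENY
# The rules quoted in the thread, in order
ORIGINAL_CHAIN = [
    rule("ACCEPT", src="127.0.0.1"),
    rule("ACCEPT", src=BOX_IP),
    rule("ACCEPT", proto="tcp", dport=(20, 21), syn=True),
    rule("ACCEPT", proto="tcp", dport=(25, 25), syn=True),
    rule("ACCEPT", proto="tcp", dport=(110, 110), syn=True),
    rule("DENY", src="10.0.0.0/8"),
    rule("DENY", src="172.16.0.0/12"),
    rule("DENY", src="192.168.0.0/16"),
    rule("DENY", src="127.0.0.0/8"),
    rule("DENY"),
]
# Gerald's two high-port rules ($REMOTENET=0/0), assumed to sit before the catch-all DENY
GERALD_RULES = [rule("ACCEPT", proto="tcp", dport=(1023, 65535)),
                rule("ACCEPT", proto="udp", dport=(1023, 65535))]
AMENDED_CHAIN = ORIGINAL_CHAIN[:-1] + GERALD_RULES + ORIGINAL_CHAIN[-1:]
def ftp_verdicts(chain):
    # verdicts for the packets of a passive-mode FTP session from CLIENT
    return {
        "control_syn_to_21": evaluate(chain, pkt(CLIENT, "tcp", 21, True)),
        "pasv_data_syn_to_high_port": evaluate(chain, pkt(CLIENT, "tcp", 40123, True)),
        "spoofed_private_source": evaluate(chain, pkt("10.1.2.3", "tcp", 40123, True)),
    }
```

Because ipchains keeps no connection state, the added rules accept any new connection to ports 1023-65535 from $REMOTENET, not only FTP data connections, so every service listening on a high port on the box is exposed by them.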