[Linux-Biella] FTP and iptables
MauroTB
linux@bilug.linux.it
Fri, 19 Jul 2002 09:38:41 +0200
Try stateful inspection, something like:

# Outgoing FTP
/sbin/iptables -A FW_FORWARD -i $IFACE_esterna -o $IFACE_interna -d $RETE_interna -p tcp --source-port 21 -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A FW_FORWARD -o $IFACE_esterna -i $IFACE_interna -s $RETE_interna -p tcp --destination-port 21 -m state --state NEW,ESTABLISHED -j ACCEPT

# Active FTP
/sbin/iptables -A FW_FORWARD -i $IFACE_esterna -o $IFACE_interna -d $RETE_interna -p tcp --source-port 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FW_FORWARD -o $IFACE_esterna -i $IFACE_interna -s $RETE_interna -p tcp --destination-port 20 -m state --state ESTABLISHED -j ACCEPT

# Passive FTP
/sbin/iptables -A FW_FORWARD -i $IFACE_esterna -o $IFACE_interna -d $RETE_interna -p tcp --source-port $UP_PORTS --destination-port $UP_PORTS -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A FW_FORWARD -o $IFACE_esterna -i $IFACE_interna -s $RETE_interna -p tcp --source-port $UP_PORTS --destination-port $UP_PORTS -m state --state ESTABLISHED,RELATED -j ACCEPT

----- Original Message -----
From: "Luca Bertoncello" <lucabert@lucabert.de>
To: "Lista BiLug" <linux@bilug.linux.it>
Sent: Friday, July 19, 2002 9:39 AM
Subject: [Linux-Biella] FTP and iptables
> Hi everyone!
>
> I have another problem with iptables...
> Quite simply, once the rules are active, I can no longer use FTP...
> Or rather, I log in to the server without trouble but, as soon as I try to download something, not a single bit gets through...
>
> All this, I strongly suspect, is because a communication port other than 20/21 is chosen to send the file.
>
> Does anyone know how to fix this?
>
> Bye and thanks!
> Luca
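
An added example, not part of the original thread: the data port that the question suspects is "other than 20/21" is announced on the control channel, in a PORT command (active mode) or a 227 reply (passive mode), and a stateful firewall can only classify the data connection as RELATED if it reads that announcement (in netfilter this is the job of the FTP connection-tracking helper module). The sketch below models that decision; the function names `ftp_data_endpoint` and `verdict`, the addresses and the FTP lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example; every address and FTP line here is constructed.

# Print "ip port" announced by a PORT command (active mode) or a 227 reply
# (passive mode). Return 1 for any other control-channel line.
ftp_data_endpoint() {
    line=$1 tuple=
    case $line in "PORT "*|"227 "*) ;; *) return 1 ;; esac
    # Keep digits and commas only, then pick the h1,h2,h3,h4,p1,p2 token.
    for tok in $(printf '%s' "$line" | tr -c '0-9,' ' '); do
        case $tok in *,*,*,*,*,*) tuple=$tok ;; esac
    done
    oldifs=$IFS; IFS=,; set -- $tuple; IFS=$oldifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    # The port travels as two bytes: p1 * 256 + p2.
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# verdict CLIENT SERVER CONTROL_LINE SRC DST DPORT
# Print RELATED if SRC -> DST:DPORT is the data connection announced by
# CONTROL_LINE on the CLIENT <-> SERVER control connection, else NEW.
verdict() {
    client=$1 server=$2 src=$4 dst=$5 dport=$6
    ep=$(ftp_data_endpoint "$3") || { echo NEW; return; }
    ip=${ep% *} port=${ep#* }
    case $3 in
        PORT*) from=$server owner=$client ;;  # active: server dials the client
        *)     from=$client owner=$server ;;  # passive: client dials the server
    esac
    # The announced address must be the sender's own; otherwise the line
    # would open the firewall towards a third host.
    if [ "$ip" = "$owner" ] && [ "$src" = "$from" ] &&
       [ "$dst" = "$ip" ] && [ "$dport" = "$port" ]; then
        echo RELATED
    else
        echo NEW
    fi
}

C=10.0.0.5 S=192.0.2.10   # constructed client and server addresses
verdict $C $S "227 Entering Passive Mode (192,0,2,10,195,80)" $C $S 50000
verdict $C $S "PORT 10,0,0,5,4,1" $S $C 1025
verdict $C $S "PORT 10,0,0,99,0,22" $S 10.0.0.99 22
```
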