LinuxQuestions.org


raf_iso 01-13-2006 04:38 PM

Easy question about the firewall :)
 
Hello,

Can someone tell me how to allow everything on eth0 and only FTP (20-21) + passive range (xxxx-yyyy) on eth1?

I tried to play with iptables... but the following commands are not working as expected. Everything seems to be blocked. :eek:

Code:

# the goal :
# eth0 = OK for samba, httpd, snmp... everything EXCEPT
# eth1 = ftp server
#
iptables -P INPUT DROP
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 20:21 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 30000:33000 -j ACCEPT

It's a Fedora 4 box.

Thanks for your help :scratch:
rafiso

pljvaldez 01-13-2006 06:59 PM

If you have a GUI, try installing a GUI frontend like Guarddog or Firestarter.

raf_iso 01-14-2006 02:53 AM

Hi, thanks for your message.

Anyway, I already tried with Firestarter, but I'm not able to get these rules working.

Does nobody know the few lines that I should have?

Firestarter and all these GUIs seem to be for routers! I mean there is an "internet interface" and a "LAN"... For me it's easier: both are in the LAN! I want to allow ONLY FTP with the passive range on eth1 and everything else on eth0.

I'm getting mad with this :)

Thanks for the help

pk21 01-14-2006 03:45 AM

First check whether active FTP works; if it does, then you probably only have to load the connection tracking module to enable passive FTP.
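
The policy this thread is working toward, written out as an added example that is not part of any post above: a shell function that prints a complete `iptables-restore` filter table, so rule order is explicit and the table is replaced in one step. It adds a loopback rule and an ESTABLISHED,RELATED rule, which the posted commands lack; the function names, the FORWARD policy and the `ip_conntrack_ftp` module name (2.6-era kernels) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for
# "everything on the trusted interface, FTP only on the other one".

# valid_iface NAME: accept only characters that can appear in an interface name
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# valid_range LOW:HIGH: numeric ports with 1 <= LOW <= HIGH <= 65535
valid_range() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
        *:*) ;;
        *) return 1 ;;
    esac
    low=${1%%:*}; high=${1##*:}
    [ "$low" -ge 1 ] && [ "$low" -le "$high" ] && [ "$high" -le 65535 ]
}

# gen_ftp_rules TRUSTED_IF FTP_IF LOW:HIGH: write the filter table to stdout
gen_ftp_rules() {
    trusted=$1; ftp_if=$2; pasv=$3
    valid_iface "$trusted" && valid_iface "$ftp_if" && valid_range "$pasv" || {
        echo "usage: gen_ftp_rules TRUSTED_IF FTP_IF LOW:HIGH" >&2
        return 1
    }
    cat <<EOF
*filter
:INPUT DROP [0:0]
# Assumption: the box does not route between the two LANs.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to existing connections, plus data connections the FTP helper marks RELATED.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $trusted -j ACCEPT
-A INPUT -i $ftp_if -p tcp --dport 21 -m state --state NEW -j ACCEPT
# Explicit passive range, for sessions the helper cannot parse.
-A INPUT -i $ftp_if -p tcp --dport $pasv -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Typical use, as root (module name as on 2.6-era kernels such as Fedora 4):
#   modprobe ip_conntrack_ftp
#   gen_ftp_rules eth0 eth1 30000:33000 | iptables-restore
```

On current kernels the helper module is `nf_conntrack_ftp` and `-m conntrack --ctstate` replaces `-m state --state`.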

