Running a linux firewall (mandrake 9.2) to let us selectively use either our campus LAN or our cable modem. It's working great, but I can't seem to get FTP to work correctly.
Here's what happens when I try to connect to any FTP site (and I've tried more than 5):
C:\>ftp
ftp> open
To ftp.*********.net
Connected to ftp.********.net.
220 *********.net FTP Server v3.0 for WinSock ready...
User (ftp.********.net:(none)): notrelevant
331 User name okay, need password.
Password:
230 User logged in, proceed.
ftp> dir
Connection closed by remote host.
ftp>
Here's the firewall script for that interface:
Code:
#!/bin/bash
IPT=/sbin/iptables
$IPT -N OUT_MU
$IPT -A OUT_MU -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUT_MU -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
#---TCP---#
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 20:21 -j ACCEPT #FTP
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 22 -j ACCEPT #SSH
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 23 -j ACCEPT #TELNET
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 25 -j ACCEPT #SMTP
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 80 -j ACCEPT #HTTP
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 110 -j ACCEPT #POP3
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 143 -j ACCEPT #IMAP
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 443 -j ACCEPT #HTTPS
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 445 -j ACCEPT #MICROSOFT_DS
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 682 -j ACCEPT #AWW-2-DSP
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 684 -j ACCEPT #TERMINAL-TO-SAVANNAH
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 1433 -j ACCEPT #SQL-SERVER
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 3389 -j ACCEPT #TERMINAL-SERVICES
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 4000 -j ACCEPT #REALM GAMES
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 6112:6119 -j ACCEPT #REALM GAMES
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 6666:6669 -j ACCEPT #IRC
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 7000 -j ACCEPT #IRC
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 8008 -j ACCEPT #WEBDAV-TO-WEBBY
$IPT -A OUT_MU -m state --state NEW -p tcp --dport 51443 -j ACCEPT #NETSTORAGE
#---UDP---#
$IPT -A OUT_MU -m state --state NEW -p udp --dport 20:21 -j ACCEPT #FTP
$IPT -A OUT_MU -m state --state NEW -p udp --dport 53 -j ACCEPT #DNS
$IPT -A OUT_MU -m state --state NEW -p udp --dport 4000 -j ACCEPT #REALM GAMES
$IPT -A OUT_MU -m state --state NEW -p udp --dport 6112:6119 -j ACCEPT #REALM GAMES
#---ICMP---#
$IPT -A OUT_MU -p icmp -j OUT_ICMP
$IPT -A OUT_MU -j DROP
echo *********-OUT_MU added
Any help would be appreciated.
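One common cause of exactly this symptom is that the control connection to port 21 works, but the `dir` command opens a second TCP connection (the data channel) on a port negotiated over the control channel, and the chain treats that second connection as NEW rather than RELATED unless the kernel's FTP connection-tracking helper (ip_conntrack_ftp on kernels of that era) is loaded. The script below is an added example, not the poster's code: it decodes the PORT/PASV address tuple and shows how the posted OUT_MU chain would treat the resulting data connection with and without the helper; the IP addresses and control-channel lines are constructed, and the model assumes the data connection traverses this chain.

```python
import re
from ipaddress import IPv4Address

# Destination TCP ports the posted OUT_MU chain accepts for NEW connections.
ALLOWED_NEW_TCP = [(20, 21), (22, 22), (23, 23), (25, 25), (80, 80), (110, 110),
                   (143, 143), (443, 443), (445, 445), (682, 682), (684, 684),
                   (1433, 1433), (3389, 3389), (4000, 4000), (6112, 6119),
                   (6666, 6669), (7000, 7000), (8008, 8008), (51443, 51443)]

# Constructed sample control-channel lines (not taken from the original post).
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"  # server advertises 192.0.2.10:50000
PORT_CMD = "PORT 198,51,100,7,4,1"                             # client advertises 198.51.100.7:1025

def parse_hostport(line):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 PASV reply."""
    m = re.search(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})", line)
    if m is None:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return str(IPv4Address(f"{h1}.{h2}.{h3}.{h4}")), p1 * 256 + p2

def data_connection(line, client_ip, server_ip):
    """Return the data connection the firewall will see after this control-channel line.
    Passive (227): the client opens a NEW TCP connection to the advertised server port.
    Active (PORT): the server connects from port 20 to the advertised client port."""
    parsed = parse_hostport(line)
    if parsed is None:
        return None
    ip, port = parsed
    if line.startswith("227"):
        return {"mode": "passive", "src": client_ip, "dst": ip, "dport": port}
    return {"mode": "active", "src": server_ip, "dst": ip, "dport": port}

def verdict(conn, ftp_helper_loaded):
    """Model the posted chain's decision for the data connection.
    With the FTP conntrack helper loaded the kernel marks it RELATED, so the first
    ESTABLISHED,RELATED rule accepts it; otherwise it is NEW and must hit a --dport rule."""
    if ftp_helper_loaded:
        return "ACCEPT (RELATED)"
    if any(lo <= conn["dport"] <= hi for lo, hi in ALLOWED_NEW_TCP):
        return "ACCEPT (NEW, dport rule)"
    return "DROP (NEW, no matching dport)"

if __name__ == "__main__":
    for line in (PASV_REPLY, PORT_CMD):
        conn = data_connection(line, "10.0.0.5", "192.0.2.10")
        for helper in (False, True):
            print(f"{line!r}: {conn['mode']} data connection to {conn['dst']}:{conn['dport']},"
                  f" helper={'yes' if helper else 'no'} -> {verdict(conn, helper)}")
```

Both the passive and the active data connection land on ports outside the chain's --dport list, so without the helper they are dropped while the control channel on port 21 stays up.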