I'm trying to set up iptables on an FTP proxy.
The FTP proxy port is 2100.
So far I've used the following config.
Code:
IPTABLES=/sbin/iptables
$IPTABLES --flush
$IPTABLES -N LOGDROP
$IPTABLES -A LOGDROP -j LOG --log-level 6
$IPTABLES -A LOGDROP -j DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -m state --state NEW -m tcp -p tcp -s [Client IP] --dport 2100 -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -j LOGDROP
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m tcp -p tcp -d [FTP Server] --dport 21 -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
$IPTABLES -A OUTPUT -j LOGDROP
$IPTABLES --policy INPUT DROP
$IPTABLES --policy OUTPUT DROP
I've added the following modules:
Code:
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_ftp ports=2100,21
Looking at the logs, it appears that the data channel is being blocked on the way out of the outbound interface. From this it appears that port 21 isn't being picked up from the ftp-port modprobe.
Anyone have any ideas?
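As an added example, not part of the original post, the script below shows two checks a defender would run before trusting `RELATED` to open the FTP data channel on a proxy like the one above: first, whether the FTP connection-tracking helper is actually loaded with the proxy's control port in its `ports=` list (a module that is already loaded keeps its original parameters, so a second `modprobe ... ports=` does nothing), and second, an explicit binding of the `ftp` helper to the control connections with the `CT` target in the raw table, since on kernels from 4.7 onward helpers are no longer attached to connections automatically. The module name `nf_conntrack_ftp` (the successor of `ip_conntrack_ftp`), the function names, the client address 192.0.2.10 and the server address 198.51.100.5 are assumptions constructed for the example; the script prints the rules instead of applying them so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not the poster's script. Checks the loaded FTP conntrack
# helper and prints a ruleset that binds the helper to the proxy's port.
# Assumed module name: nf_conntrack_ftp (ip_conntrack_ftp on old 2.6 kernels).

PROXY_PORT=2100   # control port the FTP proxy listens on (from the post)
FTP_PORT=21       # control port on the upstream FTP server

# helper_tracks_port PORTS_CSV PORT -> success if PORT appears in the
# comma-separated list the helper module exposes, e.g. "21" or "21,2100".
helper_tracks_port() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx "$2"
}

# loaded_helper_ports -> prints the ports= value of the loaded helper module
# (sysfs, readable by root) or fails when no FTP helper module is loaded.
loaded_helper_ports() {
    for m in nf_conntrack_ftp ip_conntrack_ftp; do
        f="/sys/module/$m/parameters/ports"
        if [ -r "$f" ]; then
            cat "$f"
            return 0
        fi
    done
    return 1
}

# build_rules CLIENT_IP SERVER_IP -> prints the commands to run as root.
# The poster's LOGDROP chain and DROP policies would follow these lines.
build_rules() {
    client="$1"
    server="$2"
    cat <<EOF
# Reload the helper so the new ports= list takes effect (an already-loaded
# module silently ignores parameters passed to a later modprobe).
modprobe -r nf_conntrack_ftp 2>/dev/null || true
modprobe nf_conntrack_ftp ports=${FTP_PORT},${PROXY_PORT}
# Bind the ftp helper explicitly to both control connections: client -> proxy
# on ${PROXY_PORT} (inbound) and proxy -> server on ${FTP_PORT} (outbound).
iptables -t raw -A PREROUTING -p tcp --dport ${PROXY_PORT} -j CT --helper ftp
iptables -t raw -A OUTPUT -p tcp --dport ${FTP_PORT} -j CT --helper ftp
# Data channels the helper expects show up as RELATED and are accepted here.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s ${client} --dport ${PROXY_PORT} -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d ${server} --dport ${FTP_PORT} -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
EOF
}

# Report what the running kernel currently tracks, then print the ruleset.
if ports=$(loaded_helper_ports); then
    if helper_tracks_port "$ports" "$PROXY_PORT"; then
        echo "# ftp helper tracks port $PROXY_PORT (ports=$ports)"
    else
        echo "# ftp helper loaded with ports=$ports only; $PROXY_PORT is NOT tracked" >&2
    fi
else
    echo "# no FTP conntrack helper module is loaded (or sysfs not readable)"
fi
# Constructed sample addresses (RFC 5737); pass real ones as arguments.
build_rules "${1:-192.0.2.10}" "${2:-198.51.100.5}"
```

Run it as root and review the output, then pipe it to `sh` to apply; the warning on stderr is the condition to look for when a data connection is logged by LOGDROP even though the control connection is accepted, because a data channel is only `RELATED` if the helper was watching the control connection that announced it.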