LinuxQuestions.org
Old 07-05-2013, 10:48 AM   #1
adam1969in
LQ Newbie
 
Registered: Jun 2012
Posts: 12

Rep: Reputation: Disabled
Have messed up my iptables? Get me to correct it!


I have messed up my iptables searching in Google to make ftp work on my Server. Clients get connected but are unable to browse the directories or do anything. It says "ftp> Entering Passive mode" and shows the message "No route to host" when they hit the command "ls". I think I have messed up the iptables, many items are doubled.

I have found another way to get ftp working by enabling ip_conntrack_ftp which was not there earlier in iptables-config.

Please help me restore to the correct iptables so as to enable ftp, http and ssh.

I am using RHEL 5.4 Server X86_X64 version. I have attached the iptables file to this.
Attached Files
File Type: txt myowniptables.txt (2.5 KB, 24 views)
 
Old 07-05-2013, 11:27 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,354
Blog Entries: 55

Rep: Reputation: 3541
You messed up things so far that you're not using the chain you think you are using (INPUT -> RH-Firewall-1-INPUT) and you don't seem to grasp basics like -m state (shouldn't have NEW and ESTABLISHED in one line) and since your filter table default chains all have an "ACCEPT" policy there shouldn't be a need for that many rules. Should look something like this but you should test it (like restore backup rule set after say five minutes):
Code:
# Generated by iptables-save v1.3.5 on Fri Jul  5 12:35:05 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [270:43714]
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp -m multiport --dports 20:22,80 -m state --state NEW -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -m icmp -p icmp --icmp-type any -j ACCEPT 
-A INPUT -m udp -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT 
-A INPUT -j LOG --log-prefix "REJECTED "
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Fri Jul  5 12:35:05 2013
 
1 members found this post helpful.
Old 07-05-2013, 11:29 AM   #3
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,448

Rep: Reputation: Disabled
Also, I would suggest you remove all references to TCP port 20 and use the FTP ALG module instead (modprobe nf_nat_ftp).
 
1 members found this post helpful.
Old 07-05-2013, 11:32 AM   #4
adam1969in
LQ Newbie
 
Registered: Jun 2012
Posts: 12

Original Poster
Rep: Reputation: Disabled
But Sir, should I add INPUT -> RH-Firewall-1-INPUT before each statement?
And many thanks for your nice reply Sir.
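
An added example, not part of any post in this thread: a small Python check over an iptables-save dump for the three problems raised above (doubled rules, a --state list that mixes NEW and ESTABLISHED, and a chain such as RH-Firewall-1-INPUT that INPUT never jumps to). The `SAMPLE` rule set and the `audit` function are constructed for illustration; the attached myowniptables.txt is not reproduced on the page.

```python
import shlex
from collections import Counter
BUILTIN = {"INPUT", "FORWARD", "OUTPUT", "PREROUTING", "POSTROUTING"}
# Constructed sample in iptables-save format; NOT the attachment from the thread.
SAMPLE = """*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def audit(text):
    """Return sorted (kind, detail) findings for an iptables-save dump."""
    table, rules, findings = None, [], set()
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tokens = shlex.split(line)          # honours quoted --log-prefix values
            rules.append((table, tokens[1], tokens, line))
    # 1. The same rule appended more than once to a table ("doubled" items).
    counts = Counter((t, l) for t, _, _, l in rules)
    findings |= {("duplicate", l) for (_, l), n in counts.items() if n > 1}
    # 2. One --state list that mixes NEW with ESTABLISHED.
    for _, _, tokens, line in rules:
        if "--state" in tokens[:-1]:
            states = tokens[tokens.index("--state") + 1].split(",")
            if "NEW" in states and "ESTABLISHED" in states:
                findings.add(("new+established", line))
    # 3. Chains that hold rules but are never reached from a built-in chain.
    edges = {}
    for tbl, chain, tokens, _ in rules:
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-j", "-g"):             # jump / goto targets
                edges.setdefault((tbl, chain), set()).add((tbl, tokens[i + 1]))
    seen, todo = set(), [(t, c) for t, c, _, _ in rules if c in BUILTIN]
    while todo:
        node = todo.pop()
        if node not in seen:
            seen.add(node)
            todo.extend(edges.get(node, ()))
    findings |= {("unreachable-chain", c) for t, c, _, _ in rules if (t, c) not in seen}
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Feed it the output of `iptables-save`; the rule set posted in #2 produces no findings.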
 
  



Tags
ftp, http, iptables, rhel, ssh

