Linux - Security. This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Sorry, due to rapid updating I missed the fact that you'd posted your script...
Quote:
# FTP, Port 21 Forwarded to FireWall
iptables -A FORWARD -j ACCEPT -p tcp --dport 21
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.0.3:21
I think the -i eth1 is your problem: incoming packets that should be forwarded to the FTP server (i.e. Internet packets) will arrive via eth0. This is why your local FTP packets end up at your server instead of the correct site. Try changing that and the HTTP line to -i eth0 instead, and rerun the script.
I tried to change to eth0, but I'm still connecting to my own FTP site when connecting to another external one on the Internet. Then trying to access the HTTP server from the Internet doesn't work either.
Thanks for the help, it is like this: my router is right, but it's only on the local network that I can't access http://zlitrox.ath.cx. I can surf to http://192.168.0.2, or add 192.168.0.2 = zlitrox.ath.cx to /etc/hosts.
Yeah, that happens a lot: the router currently has the IP for zlitrox.ath.cx, and it has a web server for you to configure it, so it takes any port 80 packets to that IP (that come from the internal network) to be meant for itself. From outside, the web and FTP servers are working.
Are you able to FTP outwards OK now?
Oh, and no-one is born with knowledge; we are all dumbasses at one point.
That seems very unusual... paste your current firewall script up if you like; maybe we can see the problem. Otherwise, if you're not worried about it staying like that, good luck for the future.
# by default, nothing is forwarded.
iptables -P FORWARD DROP
# Allow all connections OUT and only related ones IN
#iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
This line says "packets coming in on port 21 from eth1 should be sent to 192.168.0.3". Since eth1 is the connection to your local Ethernet, your FTP packets are getting redirected to your own FTP service; I think you need to change -i eth1 to -i eth0. Same for the matching port 80 line... change them both and see if that fixes the problem. Let me know if you want me to test the external connection to HTTP as well.
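To make the interface mistake discussed in both replies above concrete, here is an added example script (not code from any poster in this thread). It generates the DNAT and FORWARD rules with the DNAT bound to the external interface, restricts forwarded traffic to the two published services instead of accepting everything from eth0 to eth1, and includes a small audit that flags any DNAT rule listening on the internal interface, which is exactly the rule that hijacks the LAN's own outbound FTP. The interface names (eth0 external, eth1 internal) and the hosts 192.168.0.2 (HTTP) and 192.168.0.3 (FTP) are assumptions taken from the thread; DRY_RUN defaults to 1 so the script only prints rules unless you set DRY_RUN=0 as root.

```shell
#!/bin/sh
# Constructed example: DNAT port forwarding to LAN hosts, with the DNAT rules on
# the external interface, plus an audit for the "-i <internal interface>" mistake.
# Interface names, addresses and ports are assumptions based on the thread.

EXT_IF="${EXT_IF:-eth0}"            # assumed link to the Internet
INT_IF="${INT_IF:-eth1}"            # assumed link to the LAN
FTP_HOST="${FTP_HOST:-192.168.0.3}" # assumed internal FTP server
WEB_HOST="${WEB_HOST:-192.168.0.2}" # assumed internal web server

# ipt: print the rule when DRY_RUN=1 (default), otherwise apply it with iptables.
ipt() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# forward_port PROTO PORT HOST: DNAT only for packets arriving on the external
# interface, and accept forwarded traffic solely for that host and port.
forward_port() {
    proto=$1; port=$2; host=$3
    ipt -t nat -A PREROUTING -i "$EXT_IF" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$host:$port"
    ipt -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p "$proto" -d "$host" --dport "$port" \
        -m state --state NEW -j ACCEPT
}

# gen_rules: the complete forwarding policy.
gen_rules() {
    ipt -P FORWARD DROP
    # LAN may go out; only replies and related connections (e.g. FTP data) come back in
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -j ACCEPT
    ipt -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    forward_port tcp 21 "$FTP_HOST"
    forward_port tcp 80 "$WEB_HOST"
}

# audit_rules: read rule lines on stdin; return 1 if any DNAT rule matches
# packets entering on the internal interface (it would redirect the LAN's own
# outbound FTP/HTTP sessions to the internal server instead of the real site).
audit_rules() {
    bad=0
    while IFS= read -r line; do
        case "$line" in
            *"-j DNAT"*)
                case "$line" in
                    *"-i $INT_IF "*) printf 'BAD: %s\n' "$line" >&2; bad=1 ;;
                esac ;;
        esac
    done
    return "$bad"
}

# count_rules: number of rule lines gen_rules produces (sanity check).
count_rules() { gen_rules | wc -l | tr -d ' '; }

if [ "${1:-}" = run ]; then
    gen_rules | audit_rules && echo "rules OK"
fi
```

Run `sh script.sh run` to print the rule set and audit it; pipe any existing script through `audit_rules` to check it the same way. Forwarding also requires `net.ipv4.ip_forward=1`, and active-mode FTP data connections are only matched by the ESTABLISHED,RELATED rule when the nf_conntrack_ftp (ip_conntrack_ftp on older kernels) helper is loaded. The audit does not cover the separate issue of reaching the public hostname from inside the LAN, which the thread works around with /etc/hosts.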