I am currently attempting and failing to get the following setup to work.
I have a client behind an iptables firewall which is also source and destination NATting the private address of the client to a real world address.
Providing the forwarding rule is in place, everything works fine - except ftp, which establishes the command channel connection but can't do the data channel (I have tried both PORT and PASV modes). I have the following iptables rule which is meant to allow this but does not:
iptables -I FORWARD -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
but I see the following being dropped (192.168.0.5 is the client):
loaded, surely they should do it? - I cannot see the module you mentioned - I am using RedHat 7.2
But I assume redhat was already smart enough to do that for you.
The rule you stated in the first message doesn't help much because as far as my knowledge of iptables goes it looks like it's forwarding port 1024.
And if you look at the packet that is dropped it has source port 1886 and destination port 1168. That's the whole thing about ftp which makes it use different ports all the time which makes it hard to masquerade. Those modules are supposed to handle all that for you so you won't need any forwarding rules. All you have to do is make sure those modules work properly. But from the information I have now I can't really see if they are doing anything or not.
If you run lsmod do you actually see them running?
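An added diagnostic script, not posted by anyone in this thread, that applies the reply above: it checks lsmod output for the FTP connection-tracking helpers a 2.4-era iptables box such as RedHat 7.2 needs (ip_conntrack_ftp, and ip_nat_ftp when NATting), and classifies a dropped-packet LOG line as a likely FTP data connection that the helper should have marked RELATED. The lsmod output, the LOG line and the 203.0.113.10 address are constructed samples; only the ports 1886 and 1168 come from the thread.

```shell
#!/bin/sh
# Added example: verify the FTP helper modules are loaded and explain why the
# --sport 1024: --dport 1024: ESTABLISHED,RELATED rule alone never matches.

# Print the FTP helper modules absent from the given lsmod output, one per line.
# Usage: missing_ftp_helpers "$(lsmod)"
missing_ftp_helpers() {
    lsmod_out="$1"
    for mod in ip_conntrack_ftp ip_nat_ftp; do
        # lsmod puts the module name in the first column
        if ! printf '%s\n' "$lsmod_out" | awk '{print $1}' | grep -qx "$mod"; then
            echo "$mod"
        fi
    done
}

# Classify a kernel LOG-target line (e.g. from "iptables -A FORWARD -j LOG").
# A TCP SYN with both ports unprivileged is a candidate FTP data connection:
# without the helper, conntrack sees it as NEW, so a RELATED rule never fires.
# Prints "ftp-data-candidate" or "other".
classify_dropped() {
    line="$1"
    proto=$(printf '%s\n' "$line" | sed -n 's/.*PROTO=\([A-Z]*\).*/\1/p')
    spt=$(printf '%s\n' "$line" | sed -n 's/.*SPT=\([0-9]*\).*/\1/p')
    dpt=$(printf '%s\n' "$line" | sed -n 's/.*DPT=\([0-9]*\).*/\1/p')
    syn=$(printf '%s\n' "$line" | grep -c ' SYN ' || true)
    if [ "$proto" = TCP ] && [ "${spt:-0}" -ge 1024 ] && [ "${dpt:-0}" -ge 1024 ] \
        && [ "$syn" -gt 0 ]; then
        echo ftp-data-candidate
    else
        echo other
    fi
}

# Constructed sample: lsmod on a box with only the generic NAT pieces loaded.
SAMPLE_LSMOD='Module                  Size  Used by
iptable_nat            19216   1 (autoclean)
ip_conntrack           17600   1 (autoclean) [iptable_nat]
iptable_filter          2240   0 (autoclean)
ip_tables              13280   3 [iptable_nat iptable_filter]'

# Constructed LOG line using the ports quoted in the thread (1886 -> 1168).
SAMPLE_DROP='kernel: IN=eth1 OUT=eth0 SRC=192.168.0.5 DST=203.0.113.10 PROTO=TCP SPT=1886 DPT=1168 WINDOW=5840 RES=0x00 SYN URGP=0'

if [ "${1:-}" = run ]; then
    for m in $(missing_ftp_helpers "$SAMPLE_LSMOD"); do
        echo "missing helper: $m  (load it with: modprobe $m)"
    done
    echo "dropped packet is: $(classify_dropped "$SAMPLE_DROP")"
fi
```

Run it as `sh check_ftp_helpers.sh run` against the samples, or replace SAMPLE_LSMOD with real `lsmod` output on the firewall.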
Oh yeah I guess I overlooked the : on the ports. They've got that in ipchains too so I should have known.
I guess I should start using iptables myself since the syntax is pretty similar and it offers a bunch of extra features. I guess I'll add it to my list of projects to complete on a rainy Sunday.