Old 09-20-2007, 10:53 AM   #1
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Rep: Reputation: 30
Iptables and FTP


Quote:
[root@localhost root]# iptables -nvL
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
56 3716 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW multiport dports 80,443,21,22
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW icmp type 8
1 67 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- eth0 * 10.0.0.0/8 0.0.0.0/0
0 0 DROP all -- eth0 * 172.16.0.0/12 0.0.0.0/0
0 0 DROP all -- eth0 * 192.168.0.0/16 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy DROP 1 packets, 364 bytes)
pkts bytes target prot opt in out source destination
41 6481 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 231 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW multiport dports 25,80,443,22
0 0 ACCEPT icmp -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW icmp type 8
1 67 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
[root@localhost root]#
And my script is...

Quote:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
# Allow input that has been established and related
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all output that is established and related
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow DNS query input from others (since it is a DNS server)
iptables -A INPUT -p UDP -i eth0 --dport 53 -m state --state NEW -j ACCEPT
# Allow the box to query other DNS servers (since it is also a DNS client)
iptables -A OUTPUT -p UDP -o eth0 --dport 53 -m state --state NEW -j ACCEPT
# Allow inbound connections to specific services: http, https, ftp, ssh
iptables -A INPUT -p TCP -i eth0 -m multiport --dports 80,443,21,22 -m state --state NEW -j ACCEPT
# Allow outbound connections from this host to some ports: smtp, http, https, ssh
iptables -A OUTPUT -p TCP -o eth0 -m multiport --dports 25,80,443,22 -m state --state NEW -j ACCEPT
# Allow others to ping the box (inbound echo request)
iptables -A INPUT -p ICMP -i eth0 --icmp-type 8 -m state --state NEW -j ACCEPT
# Allow the box to send ping requests (the replies to inbound pings are covered by ESTABLISHED)
iptables -A OUTPUT -p ICMP -o eth0 --icmp-type 8 -m state --state NEW -j ACCEPT
# Allow loopback input
iptables -A INPUT -i lo -j ACCEPT
# Allow output to loopback
iptables -A OUTPUT -o lo -j ACCEPT
# Do some checks for obviously spoofed IPs (private ranges arriving on the external interface)
iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
# Saving and activating the new rules
service iptables save
service iptables restart
Now when I do a wget to some ftp site, the result is....

[root@localhost root]# wget ftp://202.65.194.212/cn/nic/r8168-8.003.00.tar.bz2
--21:53:49-- ftp://202.65.194.212/cn/nic/r8168-8.003.00.tar.bz2
=> `r8168-8.003.00.tar.bz2'
Connecting to 202.65.194.212:21...

And then nothing.... what minor change do I need to make???
 
Old 09-20-2007, 10:57 AM   #2
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Original Poster
Rep: Reputation: 30
Solved.... I just added the port and it became

iptables -A OUTPUT -p TCP -o eth0 -m multiport --dports 25,80,443,21,22 -m state --state NEW -j ACCEPT

and then it was solved.... thank you guys...!!!
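An added example, not from this thread: a small Python model of how iptables walks the poster's OUTPUT chain, showing why the original rule set dropped wget's outbound FTP control connection to TCP/21 and why the amended multiport list accepts it (the ICMP type match is omitted for brevity).

```python
# Added example, not from the thread: a minimal model of how iptables walks the
# poster's OUTPUT chain (first matching rule wins, else the chain policy applies),
# showing why wget's FTP control connection to TCP/21 hung and why adding 21 fixes it.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port (None for icmp)
    state: str            # conntrack state: "NEW", "ESTABLISHED" or "RELATED"
    out_if: str = "eth0"  # outgoing interface

@dataclass
class Rule:
    target: str
    proto: Optional[str] = None
    out_if: Optional[str] = None
    dports: frozenset = frozenset()   # empty set means "any port"
    states: frozenset = frozenset()   # empty set means "any state"

    def matches(self, p: Packet) -> bool:
        return ((not self.proto or p.proto == self.proto)
                and (not self.out_if or p.out_if == self.out_if)
                and (not self.dports or p.dport in self.dports)
                and (not self.states or p.state in self.states))

def output_chain(allowed_tcp_ports):
    """The poster's OUTPUT chain, parameterised on the multiport TCP list (icmp type ignored)."""
    new, est = frozenset({"NEW"}), frozenset({"ESTABLISHED", "RELATED"})
    return [
        Rule("ACCEPT", states=est),
        Rule("ACCEPT", proto="udp", out_if="eth0", dports=frozenset({53}), states=new),
        Rule("ACCEPT", proto="tcp", out_if="eth0", dports=frozenset(allowed_tcp_ports), states=new),
        Rule("ACCEPT", proto="icmp", out_if="eth0", states=new),
        Rule("ACCEPT", out_if="lo"),
    ]

def verdict(chain, packet, policy="DROP"):
    """Walk the chain like iptables does: first match decides, otherwise the policy."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

# Constructed packet: the first SYN of wget's FTP control connection (new, outbound, port 21).
FTP_SYN = Packet(proto="tcp", dport=21, state="NEW")
BEFORE = output_chain([25, 80, 443, 22])      # original script: port 21 missing -> DROP, wget hangs
AFTER = output_chain([25, 80, 443, 21, 22])   # the fix from post #2 -> ACCEPT
```

The ESTABLISHED,RELATED rules only cover the separate FTP data connection when the kernel's FTP connection-tracking helper (ip_conntrack_ftp on kernels of that era, nf_conntrack_ftp later) is loaded.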