Hello!
Maybe the following lines below will help.
]# modprobe iptable_nat
]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Note: it has helped me a lot.
2) Prevent IP spoofing: IP spoofing consists of making one believe that a packet coming from the outside world comes from the interface by which it arrives. Then use the following:
]# echo 1 >/proc/sys/net/ipv4/conf/all/rp_filter
Some kind of attack becomes avoidable.
I hope it can help you.
Allein2005
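Added example, not part of the post above: a shell check of the reverse-path filter setting that the `echo 1 > .../all/rp_filter` line changes. The kernel applies the higher of `conf/all/rp_filter` and `conf/<iface>/rp_filter` to each interface (0 = off, 1 = strict, 2 = loose), so the function names and the optional directory argument here are this example's own assumptions, added so it can also be run against a copied or constructed tree.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# Function names and the conf_dir argument are assumptions of this example.

# Map the numeric sysctl value to its meaning.
rp_filter_mode() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# effective_rp_filter <iface> [conf_dir]
# Prints max(conf/all/rp_filter, conf/<iface>/rp_filter), which is the
# value the kernel uses for source validation on that interface.
effective_rp_filter() {
    conf_dir=${2:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf_dir/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$conf_dir/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# audit_rp_filter [conf_dir]
# Prints "<iface> <mode>" for every real interface and returns 1 if any
# interface ends up with reverse-path filtering switched off.
audit_rp_filter() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for d in "$conf_dir"/*/; do
        iface=$(basename "$d")
        # "all" and "default" are templates, not interfaces.
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface" "$conf_dir") || continue
        echo "$iface $(rp_filter_mode "$eff")"
        if [ "$eff" -eq 0 ]; then rc=1; fi
    done
    return $rc
}
```

Source the file and call `audit_rp_filter` with no argument to read the live values under /proc/sys/net/ipv4/conf.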
Quote:
Originally Posted by rjeeves33
Hi
Please excuse my knowledge. I only started playing with IPtables today. I've currently got the following running on my Ubuntu box:
:INPUT DROP [92:16380]
:FORWARD DROP [0:0]
:OUTPUT DROP [64:14558]
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
COMMIT
Simple, isn't it? Shame it doesn't work though. What have I done wrong? The Ubuntu box is an FTP server and I at present only want FTP to be allowed over port 21. When I test this I can ftp to the box and log in anonymously. However, when I try to 'ls' from an ftp client it just times out.
Thanks in advance for some pointers. Also any good resources on iptables would be welcome ;-)