Proftp iptables
I'm having some issues with proftpd and iptables. These rules are the only ones I could get to let me connect to the FTP server. I am just wondering if this is a good way to do it or if there is a much more efficient way.
# Control channel: inbound connections to port 21 from the allowed range
$IPTABLES -A INPUT -i $EXT -p tcp \
-s 10.0.0.0/8 --dport 21 -j ACCEPT
# Control channel replies (no new outbound connections from port 21)
$IPTABLES -A OUTPUT -o $EXT -p tcp ! --syn \
-d 10.0.0.0/8 --sport 21 -j ACCEPT
# ACTIVE MODE data channel: server opens the connection from port 20
$IPTABLES -A OUTPUT -o $EXT -p tcp \
--source-port 20 -d 10.0.0.0/8 -j ACCEPT
# ACTIVE MODE data channel replies coming back to port 20
$IPTABLES -A INPUT -i $EXT -p tcp ! --syn \
-s 10.0.0.0/8 --dport 20 -j ACCEPT
# PASSIVE MODE data channel responses
$IPTABLES -A INPUT -i $EXT -p tcp \
-s 10.0.0.0/8 --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT -p tcp ! --syn \
--sport $UNPRIVPORTS -d 10.0.0.0/8 --dport $UNPRIVPORTS -j ACCEPT
The other problem is that when there is no firewall the initial connection is very quick, but with this turned on it seems to take about 8-12 seconds to initiate. After the initial connection it's fast, though. Hope that makes sense.
Thanks
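Added example, not from the post above: the same access policy rewritten with connection tracking and the kernel's FTP conntrack helper, which covers both active and passive data channels without the "! --syn" and unprivileged-port-range rules. The interface name, the client-range variable and the helper-loading step are assumptions.

```shell
#!/bin/sh
# Added example: FTP firewalling with conntrack instead of per-port rules.
# Assumed: external interface in EXT, allowed clients in FTP_CLIENTS, and a
# kernel with nf_conntrack_ftp (the helper that parses PORT/PASV so the data
# connections are classified RELATED to the control connection).

EXT="${EXT:-eth0}"                       # assumed interface name
FTP_CLIENTS="${FTP_CLIENTS:-10.0.0.0/8}" # client range used in the post
IPTABLES="${IPTABLES:-iptables}"

# Print the rules rather than apply them, so they can be reviewed first
# and then piped to "sh" as root.
ftp_rules() {
    ext="$1"
    clients="$2"
    cat <<EOF
# Load the FTP helper and attach it to port 21 explicitly: since kernel 4.7
# automatic helper assignment is disabled by default.
modprobe nf_conntrack_ftp
$IPTABLES -t raw -A PREROUTING -i $ext -p tcp -s $clients --dport 21 -j CT --helper ftp
# Replies and helper-tracked data channels (active from port 20, passive to
# an unprivileged port) are ESTABLISHED or RELATED in both directions.
$IPTABLES -A INPUT -i $ext -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o $ext -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the control channel needs a NEW-connection rule, and only from the
# allowed clients; anything else falls through to the chain policy.
$IPTABLES -A INPUT -i $ext -p tcp -s $clients --dport 21 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

ftp_rules "$EXT" "$FTP_CLIENTS"
```

A connect delay of several seconds that appears only with the firewall on is commonly proftpd's ident (TCP 113) or reverse-DNS lookup timing out against the new rules; setting IdentLookups off and UseReverseDNS off in proftpd.conf removes both lookups.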