Old 07-05-2013, 11:48 AM   #1
Have messed up my iptables? Get me to correct it !

I have messed up my iptables while searching Google for a way to make FTP work on my server. Clients get connected but are unable to browse the directories or do anything. It says "ftp> Entering Passive Mode" and then prints the message "No route to host" when they run the "ls" command. I think I have messed up the iptables; many items are doubled.

I have found another way to get FTP working by enabling ip_conntrack_ftp, which was not in iptables-config earlier.

Please help me restore the correct iptables so as to enable FTP, HTTP and SSH.

I am using RHEL 5.4 Server x86_64. I have attached the iptables file to this post.
Attached file: myowniptables.txt (2.5 KB)
Old 07-05-2013, 12:27 PM   #2
You messed things up so far that you're not using the chain you think you are using (INPUT -> RH-Firewall-1-INPUT), you don't seem to grasp basics like -m state (shouldn't have NEW and ESTABLISHED in one line), and since your filter table's default chains all have an "ACCEPT" policy there shouldn't be a need for that many rules. It should look something like this, but you should test it (e.g. restore the backup rule set after, say, five minutes):
# Generated by iptables-save v1.3.5 on Fri Jul  5 12:35:05 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [270:43714]
-A INPUT -i lo -j ACCEPT
# Accept return traffic and helper-tracked (RELATED) connections on any port, and do it
# before the port-specific rules: restricting this to --dport 1024:65535 would reject the
# ESTABLISHED packets of every SSH, HTTP and FTP control session after the first SYN.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport --dports 20:22,80 -m state --state NEW -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
# mDNS (the original line carried a dangling "-d" with no address, which iptables-restore rejects)
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -j LOG --log-prefix "REJECTED "
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jul  5 12:35:05 2013
Old 07-05-2013, 12:29 PM   #3
Ser Olmy
Also, I would suggest you remove all references to TCP port 20 and use the FTP ALG module instead (modprobe nf_nat_ftp).
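The two replies above point at four concrete defects in the original rule set: rules appended to a chain (RH-Firewall-1-INPUT) that INPUT never jumps to, "-m state --state NEW,ESTABLISHED" mixed on one line, rules that appear twice, and explicit TCP port 20 rules that the FTP conntrack helper makes unnecessary. The following linter, an added example that is not code from any of the posts, reads an iptables-save dump and reports each of those. SAMPLE_DUMP is a constructed dump that reproduces the problems; it is not the attachment from the original post, which is not available here.

```python
"""Lint an iptables-save dump for the mistakes discussed in this thread.

Added example, not code from the original posts. SAMPLE_DUMP is constructed
to reproduce the reported problems; it is not the poster's attachment.
"""
import re
from collections import Counter

SAMPLE_DUMP = """\
# constructed sample in iptables-save format (not the poster's attachment)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m multiport --dports 22,80 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

BUILTIN_CHAINS = {"INPUT", "FORWARD", "OUTPUT"}


def parse_dump(text):
    """Return (declared chain names, [(chain, rule body), ...]) from iptables-save text."""
    chains, rules = set(), []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):                 # ":NAME POLICY [pkts:bytes]"
            chains.add(line[1:].split()[0])
        elif line.startswith("-A "):             # "-A CHAIN <match and target args>"
            parts = line.split(None, 2)
            rules.append((parts[1], parts[2] if len(parts) > 2 else ""))
    return chains, rules


def find_unreferenced_chains(chains, rules):
    """User-defined chains that no -j/-g ever targets: every rule in them is dead."""
    targets = set()
    for _chain, rule in rules:
        m = re.search(r"(?:^|\s)-[jg]\s+(\S+)", rule)
        if m:
            targets.add(m.group(1))
    return sorted(c for c in chains - BUILTIN_CHAINS if c not in targets)


def find_new_with_established(rules):
    """Rules whose --state list mixes NEW with ESTABLISHED on one line."""
    hits = []
    for chain, rule in rules:
        m = re.search(r"--state\s+(\S+)", rule)
        if m and {"NEW", "ESTABLISHED"} <= set(m.group(1).split(",")):
            hits.append((chain, rule))
    return hits


def find_duplicates(rules):
    """(chain, rule, count) for each rule body appended more than once to the same chain."""
    return sorted((c, r, n) for (c, r), n in Counter(rules).items() if n > 1)


def _port_in_spec(port, spec):
    """True if port is covered by a --dport/--dports value such as "21", "20:22" or "20:22,80"."""
    for item in spec.split(","):
        lo, sep, hi = item.partition(":")
        try:
            lo_n = int(lo) if lo else 0
            hi_n = (int(hi) if hi else 65535) if sep else lo_n
        except ValueError:                       # service names (ftp-data) are not resolved here
            continue
        if lo_n <= port <= hi_n:
            return True
    return False


def find_ftp_data_rules(rules, port=20):
    """TCP rules that explicitly open the FTP data port; redundant once the FTP helper is loaded."""
    hits = []
    for chain, rule in rules:
        m = re.search(r"--dports?\s+(\S+)", rule)
        if m and re.search(r"-p\s+tcp\b", rule) and _port_in_spec(port, m.group(1)):
            hits.append((chain, rule))
    return hits


def lint(text):
    """Run every check over an iptables-save dump and return the findings by name."""
    chains, rules = parse_dump(text)
    return {
        "unreferenced_chains": find_unreferenced_chains(chains, rules),
        "new_with_established": find_new_with_established(rules),
        "duplicates": find_duplicates(rules),
        "ftp_data_port_rules": find_ftp_data_rules(rules),
    }


if __name__ == "__main__":
    for check, hits in lint(SAMPLE_DUMP).items():
        print(f"{check}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

Run it against a live box with `iptables-save | python lint_iptables.py` after replacing SAMPLE_DUMP with `sys.stdin.read()`; an empty "unreferenced_chains" list is the quick confirmation that the chain you are editing is actually in the packet path. The port-20 check only understands numeric ports and ranges, so a rule written with a service name such as ftp-data is skipped rather than mis-reported.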
Old 07-05-2013, 12:32 PM   #4
Original Poster
But Sir, should I add INPUT -> RH-Firewall-1-INPUT before each statement?
And many thanks for your nice reply, Sir.


Tags: ftp, http, iptables, rhel, ssh