Iptables

pk21 · 09-05-2002, 04:48 PM

I already tryed that but it didnt seem to work.

But thanks for replying!

peter_robb · 09-06-2002, 03:21 AM

We will need to see what you have in your iptables rules, check for conflicts etc..
Do you feel like emailing it to me?

Regards,
Peter

pk21 · 09-06-2002, 06:58 AM

Chain INPUT (policy DROP)
ACCEPT tcp -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere state RELATED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW

Chain OUTPUT (policy ACCEPT)
ACCEPT tcp -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere state RELATED

peter_robb · 09-06-2002, 08:16 AM

Change the ftp to 'spt:ftp'
You must accept packets FROM an ftp server

Regards,
Peter

pk21 · 09-06-2002, 08:38 AM

No, i am running a ftp server. On this ftp server i am making my firewall rules.

Here is my last line out of my log file:
Sep 6 17:36:46 nbs-125 kernel: IPTABLESIN=eth0 OUT= MAC=00:48:54:56:35:89:00:d0:b7:1c:a9:b8:08:00 SRC=192.168.0.55 DST=192.168.0.125 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15551 DF PROTO=TCP SPT=57671 DPT=35748 WINDOW=5840 RES=0x00 SYN URGP=0

peter_robb · 09-06-2002, 10:54 AM

Try this next..

Remove the two OUTPUT rules, they do nothing in an ACCEPT policy chain.
Change the ESTABLISHED & RELATED rules to be all protocols, not just tcp.
The segment of log file says nothing usefull...

Regards,
Peter.

pk21 · 09-06-2002, 11:49 AM

In the log you can see that there is a syn packet which gets blocked. That sys packet is for as far as i know only send with new connections.

And i already tryed without the output rulez, but monday i will try the other protocols.

Thanks for all the help so far.

peter_robb · 09-06-2002, 12:36 PM

Yeah, any NEW SYN packets will get blocked other than port 21 destnation packets
(at least ideally!!)

Regards,
Peter