LinuxQuestions.org
Old 02-28-2004, 04:59 PM   #1
lscala
LQ Newbie
 
Registered: Feb 2004
Posts: 1

Rep: Reputation: 0
Windows ftp service behind IPTABLES


Hi! I recently configured a Red Hat server with iptables to use as a firewall. To connect remotely to my Windows, I configured TCP port 3389 with DNAT, and to have access to a website, I use port 80 with DNAT. But the problems come when I need to do the same thing with my FTP server on Windows 2000. Does anyone know how I can "publish" my Windows FTP service behind iptables? What are the rules? Do I need to install some extra module or something? Any help will be appreciated.


Cya...

Luciano.
 
Old 02-29-2004, 07:27 PM   #2
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
Just make sure the ip_conntrack_ftp kernel module is loaded with 'lsmod' as root.
If it isn't, add '/sbin/modprobe ip_conntrack_ftp' to /etc/rc.d/rc.local

and make sure incoming TCP packets to port ftp are accepted,
and TCP packets with state ESTABLISHED or RELATED are allowed.

Something like...

/sbin/iptables -A INPUT -p tcp --dport ftp -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

should work... okay ?
 
Old 02-29-2004, 07:30 PM   #3
g-rod
Member
 
Registered: Dec 2003
Location: Long Island, NY USA
Distribution: RedHat, SUSE
Posts: 336

Rep: Reputation: 30
You need to enable connection tracking. I use Redhat as a firewall also. There is a great set of scripts that handles all of this type of stuff and some Denial of Service stuff.
http://muse.linuxmafia.org/gshield/
If that is not to your liking, make sure that you load the ip_conntrack_ftp module and do stateful packet inspection.

I don't think gshield gets enough press. It has got some good stuff.


Crap. qwijibow beat me to the punch.

Last edited by g-rod; 02-29-2004 at 07:31 PM.
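
An added example, not part of any post in this thread: a generator for the rule set in the DNAT case the original poster describes. There the FTP server sits behind the firewall, so the traffic crosses the FORWARD chain, and the NAT helper ip_nat_ftp is loaded next to ip_conntrack_ftp. The function names, the interface name and the addresses are assumptions made for illustration; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print iptables commands that publish an internal FTP server via DNAT.
# Assumptions (not from the thread): the interface name and addresses below, and that
# IP forwarding is already enabled (the poster's port 80/3389 DNAT rules depend on it).
# Module names are those of 2.4/2.6-era kernels; later kernels call them
# nf_conntrack_ftp and nf_nat_ftp.

# Succeeds only for a dotted quad with every octet in 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
                { exit 1 }'
}

# ftp_dnat_rules WAN_IF PUBLIC_IP SERVER_IP
# Inputs are validated because the output is meant to be fed to a root shell.
ftp_dnat_rules() {
    wan_if=$1 public_ip=$2 server_ip=$3
    case $wan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $wan_if" >&2; return 1 ;;
    esac
    is_ipv4 "$public_ip" && is_ipv4 "$server_ip" || { echo "bad IPv4 address" >&2; return 1; }

    # ip_conntrack_ftp reads PORT/PASV on the control channel and marks the
    # resulting data connection RELATED; ip_nat_ftp rewrites the address and
    # port carried inside those commands so they stay valid across the NAT.
    cat <<EOF
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/iptables -t nat -A PREROUTING -i $wan_if -d $public_ip -p tcp --dport 21 -j DNAT --to-destination $server_ip:21
/sbin/iptables -A FORWARD -i $wan_if -d $server_ip -p tcp --dport 21 -m state --state NEW -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample values (documentation and private address ranges).
ftp_dnat_rules eth0 203.0.113.10 192.168.1.20
```

Only the control port is opened explicitly; data connections are admitted through the RELATED state, so no passive port range has to be forwarded by hand.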
 
  

