ftp behind iptables fw
heya
hi there! i am netadmin @ my student's home and been with linux for only half a year now (win2k lover sitting here) and now i am sitting in front of the fw. it's a linux iptables based fw and i want to run a ftp behind the fw. everyone in the student's home, every user, has his own static ip address, so i want to know how to allow traffic coming to my ip on a specific port to be let through by the fw. i appreciate input and maybe suggestions for a ftpd :)

cya
phat
I use proftp
Are all the allowable IPs in the same subnet? If so, you could use something like:

    iptables -A INPUT -p tcp -s x.x.x.x/x -i eth0 --dport 21 -j ACCEPT
    iptables -A INPUT -p udp -s x.x.x.x/x -i eth0 --dport 21 -j ACCEPT

where x.x.x.x/x is the subnet/size and eth0 is to be replaced with your outward facing interface.

If not, you'd have to do:

    iptables -A INPUT -p tcp -s x.x.x.x -i eth0 --dport 21 -j ACCEPT
    iptables -A INPUT -p udp -s x.x.x.x -i eth0 --dport 21 -j ACCEPT

for each allowable IP address, where x.x.x.x is the IP to allow and eth0 is to be replaced with your outward facing IP address.

There's a good tutorial here: http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html

It has a simple setup for dropping everything apart from the connections you want, but doesn't allow for dropping everything not from specific IPs. A combination of what I've said and what's there should get you going.
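An added example, not from any of the posts above: a POSIX shell helper that builds the per-source rules discussed in this thread and prints them for review instead of applying them. It assumes the FTP server is a separate host behind the firewall, so the rules go in FORWARD rather than INPUT; the function names, interface and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (never applies) iptables commands for review.

# valid_src ADDR: succeed for a dotted-quad IPv4 address, optionally with /0-32.
valid_src() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ ${#len} -le 2 ] && [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ftp_rules IFACE SERVER SRC...: print rules allowing FTP control connections
# to SERVER only from the listed sources. All input is checked before any output.
ftp_rules() {
    iface=$1 server=$2
    shift 2
    case $iface in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    valid_src "$server" || { echo "bad server address: $server" >&2; return 1; }
    for src in "$@"; do
        valid_src "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    # Replies, plus FTP data connections that the conntrack FTP helper
    # (kernel module nf_conntrack_ftp) has marked RELATED.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A FORWARD -i $iface -p tcp -s $src -d $server --dport 21 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else aimed at the FTP control port is dropped.
    echo "iptables -A FORWARD -p tcp -d $server --dport 21 -j DROP"
}

# Constructed sample values (documentation address ranges).
ftp_rules eth0 192.0.2.10 192.0.2.0/24 198.51.100.7
```

FTP control traffic is TCP only, so no UDP rule is generated; without the FTP conntrack helper, passive and active data connections will not match RELATED and will need their own rules.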