LinuxQuestions.org


PhatZero 02-19-2004 03:59 AM

ftp behind iptables fw
 
heya

hi there!

I am netadmin @ my student's home and have been with linux for only half a year
now (win2k lover sitting here) and now I am sitting in front of the fw.

It's a linux iptables based fw and I want to run an ftp behind the fw. Everyone
in the student's home, every user, has his own static IP address,
so I want to know how to allow traffic coming to my IP on a specific port
to be let through by the fw.

I appreciate input and maybe suggestions for an ftpd :)

cya
phat

nowonmai 02-19-2004 04:27 AM

I use proftp
Are all the allowable IPs in the same subnet?
If so, you could use something like:
iptables -A INPUT -p tcp -s x.x.x.x/x -i eth0 --dport 21 -j ACCEPT
iptables -A INPUT -p udp -s x.x.x.x/x -i eth0 --dport 21 -j ACCEPT
where x.x.x.x/x is the subnet/size and eth0 is to be replaced with your outward facing interface

If not, you'd have to do:
iptables -A INPUT -p tcp -s x.x.x.x -i eth0 --dport 21 -j ACCEPT
iptables -A INPUT -p udp -s x.x.x.x -i eth0 --dport 21 -j ACCEPT
for each allowable IP address, where x.x.x.x is the IP to allow and eth0 is to be replaced with your outward facing IP address

there's a good tutorial here: http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html

It has a simple setup for dropping everything apart from the connections you want, but doesn't allow for dropping everything not from specific IPs. A combination of what I've said and what's there should get you going.
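
The rules in the reply above open the FTP control port (21); FTP data connections use separate ports and are normally admitted through connection tracking's FTP helper. The script below is an added example, not part of either post: it validates a list of allowed sources and prints a rule set for review instead of applying it. The chain, interface and sample addresses are assumptions.

```sh
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.

# Succeed if $1 is an IPv4 address with an optional /0-32 prefix length.
valid_source() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots; $addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: ftp_rules CHAIN IFACE SOURCE...
# CHAIN is INPUT when the FTP daemon runs on the firewall itself (as in the
# reply above); FORWARD is the assumption for a server on a host behind it.
ftp_rules() {
    chain=$1 iface=$2
    shift 2
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    # Load the FTP connection-tracking helper and attach it to port 21 so
    # the kernel can mark data connections as RELATED to the control session.
    echo "modprobe nf_conntrack_ftp"
    echo "iptables -t raw -A PREROUTING -i $iface -p tcp --dport 21 -j CT --helper ftp"
    # Admit replies and helper-tracked data connections.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Control channel: one rule per allowed subnet or address.
    for src in "$@"; do
        echo "iptables -A $chain -p tcp -s $src -i $iface --dport 21 -j ACCEPT"
    done
}

# Constructed sample input (documentation address ranges).
ftp_rules INPUT eth0 192.0.2.0/24 198.51.100.7
```

Any source that is not a plain IPv4 address or CIDR block makes `ftp_rules` return non-zero before it prints anything, so a malformed list never produces a partial rule set.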

