Slackware This Forum is for the discussion of Slackware Linux.
11-10-2007, 01:55 PM
|
#1
|
Member
Registered: Jun 2006
Location: KSA
Distribution: Slackware 12.2
Posts: 49
Rep:
|
FTP port in the server
Hi all.
I have an old PC with Slackware 12, and I want to do some security testing (iptables). I can use ssh and samba, but I can't use ftp and nfs.
I don't use tcp_wrappers.
Here are my iptables rules:
#!/bin/bash
# Date: 3.Nov.2007
IPTABLES=/usr/sbin/iptables
LOCALNETWORK=192.168.1.0/24
$IPTABLES -F
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p icmp -s $LOCALNETWORK -j ACCEPT
$IPTABLES -A INPUT -p tcp -s $LOCALNETWORK -m multiport --dport 21,22,139,445,2049 -j ACCEPT
$IPTABLES -A INPUT -p udp -s $LOCALNETWORK -m multiport --dport 21,22,137,138,2049 -j ACCEPT
If I flush all the rules and set the default policy to ACCEPT, I can use nfs and ftp.
Can you help me?
|
|
|
11-10-2007, 03:49 PM
|
#2
|
Slackware Contributor
Registered: Oct 2004
Location: Tuscaloosa, Alabama (USA)
Distribution: Slackware
Posts: 2,560
|
For ftp usage: modprobe ip_conntrack_ftp
For NFS usage: http://rlworkman.net/howtos/NFS_Firewall_HOWTO
|
|
|
11-11-2007, 04:26 AM
|
#3
|
Member
Registered: Jun 2006
Location: KSA
Distribution: Slackware 12.2
Posts: 49
Original Poster
Rep:
|
Thank you rworkman.
ftp works fine, but clients (without any firewall rules) can't connect to mount the NFS filesystem exported on this machine.
Look at my firewall rules after opening some other ports.
#!/bin/bash
# Date: 3.Nov.2007
## load ip_conntrack_ftp module
/sbin/modprobe ip_conntrack_ftp
IPTABLES=/usr/sbin/iptables
LOCALNETWORK=192.168.1.0/24
$IPTABLES -F
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p icmp -s $LOCALNETWORK -j ACCEPT
## OpenSSH
$IPTABLES -A INPUT -p tcp -s $LOCALNETWORK --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p udp -s $LOCALNETWORK --dport 22 -j ACCEPT
## FTP
$IPTABLES -A INPUT -p tcp -s $LOCALNETWORK --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p udp -s $LOCALNETWORK --dport 21 -j ACCEPT
## SAMBA
$IPTABLES -A INPUT -p tcp -s $LOCALNETWORK -m multiport --dport 139,445 -j ACCEPT
$IPTABLES -A INPUT -p udp -s $LOCALNETWORK -m multiport --dport 137,138 -j ACCEPT
## NFS
$IPTABLES -A INPUT -p tcp -s $LOCALNETWORK -m multiport --dport 861,863,865,1110,2049,4045 -j ACCEPT
$IPTABLES -A INPUT -p udp -s $LOCALNETWORK -m multiport --dport 861,863,865,1110,2049,4045 -j ACCEPT
There is another question.
How can I know which ports I need to open to make a service work? E.g. samba needs 139,445 on tcp and 137,138 on udp.
/etc/services shows me a lot of ports for NFS, SAMBA and so on.
Thank you.
|
|
|
11-11-2007, 11:27 PM
|
#4
|
Member
Registered: Jun 2006
Location: KSA
Distribution: Slackware 12.2
Posts: 49
Original Poster
Rep:
|
Any suggestions?
I'm waiting.....
|
|
|
11-11-2007, 11:42 PM
|
#5
|
Slackware Contributor
Registered: Oct 2004
Location: Tuscaloosa, Alabama (USA)
Distribution: Slackware
Posts: 2,560
|
For NFS, you need to start the relevant services on both ends of the connection, and you'll need to refer to that other document I mentioned above; without more specific information on what you need, I don't know what other suggestions you might want.
Read the docs, try to implement what you need, and if you run into specific issues, then ask.
|
|
|
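An added example, not written by anyone in this thread: NFS helper daemons register their ports with the portmapper, so the ports a given server needs can be read from `rpcinfo -p` and compared with what the firewall allows. The sample `rpcinfo -p` output is constructed and the function names are hypothetical; the allowed-port list is the one from the NFS rules in post #3, which does not include the portmapper's own port 111.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.
LOCALNETWORK=192.168.1.0/24          # LAN from the thread's script

# Constructed `rpcinfo -p` output; port numbers are illustrative only.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    863  status
    100024    1   tcp    865  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    4   udp   4045  nlockmgr
    100021    4   tcp   4045  nlockmgr
    100005    3   udp    861  mountd
    100005    3   tcp    861  mountd
EOF
}

# stdin: rpcinfo -p output. stdout: one "proto port service" line per
# unique proto/port pair (rpcinfo repeats a pair for each program version).
rpc_ports() {
    awk '$1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ && ($3 == "tcp" || $3 == "udp") {
             key = $3 " " $4
             if (!(key in seen)) { seen[key] = 1; print key, ($5 == "" ? ("rpc-" $1) : $5) }
         }'
}

# stdin: rpc_ports output. stdout: one iptables command per pair.
rpc_rules() {
    while read -r proto port svc; do
        printf '$IPTABLES -A INPUT -p %s -s %s --dport %s -j ACCEPT  # %s\n' \
            "$proto" "$LOCALNETWORK" "$port" "$svc"
    done
}

# $1: comma-separated ports already allowed. stdin: rpc_ports output.
# stdout: registered ports that the list does not cover, as port/service.
missing_ports() {
    awk -v allowed="$1" 'BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
         !($2 in ok) && !($2 in shown) { shown[$2] = 1; print $2 "/" $3 }'
}

sample_rpcinfo | rpc_ports | rpc_rules
sample_rpcinfo | rpc_ports | missing_ports 861,863,865,1110,2049,4045   # prints 111/portmapper
```

On a real server, replace `sample_rpcinfo` with `rpcinfo -p`; unless mountd, statd and lockd are pinned to fixed ports, their numbers can change across restarts and the rules have to be regenerated.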