Hello all, I was wondering if anybody out there could lend me a hand. I have a firewall box that I just can't get active FTP to work on. Passive mode with the rules listed below works great, but I just can't build an active-FTP rule set that works.

Thanks,
Brandon Oliver
Tarheel Consulting Company

Variables used in rules

PRIVPORTS="0:1023"
PUBLICPORTS="1024:65535"
EXTINT="eth0"    #The external interface

Current ruleset for FTP

#Allow FTP
#/sbin/iptables -t nat -A OUTPUT -o $EXTINT -p TCP --sport $PUBLICPORTS \
#    --dport 21 -j ACCEPT
#/sbin/iptables -t nat -A OUTPUT -o $EXTINT -p TCP --sport $PUBLICPORTS \
#    --dport $PUBLICPORTS -j ACCEPT
#/sbin/iptables -t nat -A POSTROUTING -o $EXTINT -p TCP \
#    --sport $PUBLICPORTS --dport $PUBLICPORTS -j ACCEPT
#/sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
#    --sport $PUBLICPORTS --dport 21 -j ACCEPT
#/sbin/iptables -t nat -A POSTROUTING -o $EXTINT -p TCP \
#    --sport $PUBLICPORTS --dport 21 -j ACCEPT
#/sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
#    --dport $PUBLICPORTS --sport 21 -j ACCEPT
#/sbin/iptables -t nat -A OUTPUT -o $EXTINT -p TCP --sport $PUBLICPORTS \
#    --dport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
#/sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
#    --sport $PUBLICPORTS --dport 20 -m state --state \
#    ESTABLISHED,RELATED -j ACCEPT
#/sbin/iptables -t nat -A POSTROUTING -o $EXTINT -p TCP \
#    --sport $PUBLICPORTS --dport 20 -m state --state \
#    ESTABLISHED,RELATED -j ACCEPT
#/sbin/iptables -A OUTPUT -o $EXTINT -p TCP --sport $PUBLICPORTS \
#    --dport 21 -j ACCEPT
#/sbin/iptables -A INPUT -i $EXTINT -p TCP --sport 21 \
#    --dport $PUBLICPORTS -j ACCEPT
#/sbin/iptables -A OUTPUT -o $EXTINT -p TCP --sport $PUBLICPORTS \
#    --dport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
#/sbin/iptables -A INPUT -i $EXTINT -p TCP --sport 20 \
#    --dport $PUBLICPORTS -m state --state ESTABLISHED,RELATED \
#    -j ACCEPT
#echo "FTP allowed"
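An added example (not from Brandon's post) of an active-FTP rule set for a client running on the firewall box itself, in which the kernel FTP connection-tracking helper, rather than a port-20 hole, is what lets the server's inbound data connection through as RELATED. EXTINT and PUBLICPORTS are the post's variables; IPT is an assumed variable that defaults to a dry-run echo so the rules can be inspected without root.

```shell
#!/bin/sh
# Added example, not the original poster's rules.
# Assumptions: EXTINT/PUBLICPORTS as in the post; IPT defaults to a dry run
# ("echo /sbin/iptables") so the script prints the rules instead of applying them.
EXTINT="${EXTINT:-eth0}"
PUBLICPORTS="${PUBLICPORTS:-1024:65535}"
IPT="${IPT:-echo /sbin/iptables}"

load_ftp_helper() {
    # The helper watches the control channel for the PORT command and
    # registers the expected server:20 -> client:high-port connection, so
    # the kernel tags its SYN as RELATED. Module name depends on kernel age.
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
}

active_ftp_rules() {
    # All filtering lives in the filter table. "-t nat ... -j ACCEPT" rules
    # like those in the post only mean "do not NAT this"; they allow nothing.

    # Control channel: client high port -> server 21, and its replies.
    $IPT -A OUTPUT -o "$EXTINT" -p tcp --sport "$PUBLICPORTS" --dport 21 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPT -A INPUT -i "$EXTINT" -p tcp --sport 21 --dport "$PUBLICPORTS" \
        -m state --state ESTABLISHED -j ACCEPT

    # Active data channel: the *server* opens server:20 -> client high port.
    # Without the helper this SYN is NEW and unsolicited, and is dropped,
    # which is exactly the symptom of "passive works, active does not".
    $IPT -A INPUT -i "$EXTINT" -p tcp --sport 20 --dport "$PUBLICPORTS" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A OUTPUT -o "$EXTINT" -p tcp --sport "$PUBLICPORTS" --dport 20 \
        -m state --state ESTABLISHED -j ACCEPT
}
```

Run as root with IPT=/sbin/iptables to apply; call load_ftp_helper before the first FTP session, because a control connection the helper did not see will never get its data channel classified as RELATED.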
