Red Hat Configuration - Serious Port Forwarding Help Needed - RHL 7 portfw, and ipchains


Author Serious Port Forwarding Help Needed - RHL 7 portfw, and ipchains
Barbara

2004-04-26, 4:35 pm

Hi,

I can FTP from my RHL 7.0 machine.

I am running on it an ipchains firewall, behind which sit several Windows
based machines.

I have an FTP server running on port 21 on one of the Windows machines.

People who FTP in to my external IP, (the RHL box), can't FTP in right.

There is an initial communication, but they never get in all the way.

They just end up timing out on their end.

I think I have a problem with my portfw syntax or content.

Here is what I have in my firewall script:

This is under my MASQing section :

/usr/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 21 -R $WS1 21



The following is found later :

# FTP server (21)
# ---------------

# incoming request
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
--source-port $UNPRIVPORTS \
-d $IPADDR 21 -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $IPADDR 21 \
--destination-port $UNPRIVPORTS -j ACCEPT


# PORT MODE data channel responses
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
-s $IPADDR 20 \
--destination-port $UNPRIVPORTS -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
--source-port $UNPRIVPORTS \
-d $IPADDR 20 -j ACCEPT


# FTP client (21)
# ---------------

# outgoing request
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
-s $IPADDR $UNPRIVPORTS \
--destination-port 21 -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
--source-port 21 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT


# PORT mode data channel
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
--source-port 20 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $IPADDR $UNPRIVPORTS \
--destination-port 20 -j ACCEPT

# ------------------------------------------------------------------



Alexander Dalloz

2004-04-26, 5:35 pm

On Mon, 26 Apr 2004 16:20:25 -0400 Barbara wrote:

> Hi,
>
> I can FTP from my RHL 7.0 machine.
>
> I am running on it an ipchains firewall, behind which sit several Windows
> based machines.
>
> I have an FTP server running on port 21 on one of the Windows machines.
>
> People who FTP in to my external IP, (the RHL box), can't FTP in right.
>
> There is an initial communication, but they never get in all the way.
>
> They just end up timing out on their end.
>
> I think I have a problem with my portfw syntax or content.
>
> Here is what I have in my firewall script:
>
> This is under my MASQing section :
>
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 21 -R $WS1 21


Let the remote users use passive FTP mode. And you should exchange your
old RH box with an actual. I hardly doubt your system is not running all
vulnerable applications and a vulnerable kernel.

Alexander


--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
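
An added example, not part of either post: FTP announces a separate data endpoint inside PORT commands and 227 replies (RFC 959), so a forward of port 21 alone carries the control connection but not the data connection. The Python below decodes those lines and reports why the announced endpoint cannot cross the NAT; the function names, the `forwarded_ports` parameter and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried in a PORT command or a 227 reply (RFC 959)
ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"    # server opens the data connection to the client
    elif text.startswith("227"):
        mode = "passive"   # client opens the data connection to the server
    else:
        return None
    m = ENDPOINT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def diagnose(line, forwarded_ports=(21,)):
    """Reasons the data connection announced in `line` cannot cross the NAT."""
    ep = data_endpoint(line)
    if ep is None:
        return []
    mode, ip, port = ep
    problems = []
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        who = "server" if mode == "passive" else "client"
        problems.append(f"{who} advertises private address {ip}")
    if mode == "passive" and port not in forwarded_ports:
        problems.append(f"data port {port} is not forwarded")
    return problems

# Constructed control-channel lines; all addresses are sample values.
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,168,1,10,195,80)",
    "227 Entering Passive Mode (203,0,113,5,195,80)",
    "PORT 198,51,100,7,4,1",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_endpoint(entry), diagnose(entry))
```
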


Copyright 2003 - 2008 webservertalk.com