Hi,

I can FTP from my RHL 7.0 machine.

I am running on it a ipchains firewall, behind which sit several Windows
based machines.

I have an FTP server running on port 21 on one of the Windows machines.

People who FTP in to my external IP, (the RHL box), can't FTP in right.

There is an initial communication, but they never get in all the way.

They just end up timing out on their end.

I think I have a problem with my portfw syntax or content.

Here is what I have in my firewall script:

This is under my MASQing section :

/usr/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 21 -R $WS1 21



The following is found later :

# FTP server (21)
# ---------------

# incoming request
ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
--source-port $UNPRIVPORTS \
-d $IPADDR 21 -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $IPADDR 21 \
--destination-port $UNPRIVPORTS -j ACCEPT


# PORT MODE data channel responses
ipchains -A output ii $EXTERNAL_INTERFACE -p tcp  \
-s $IPADDR 20 \
--destination-port $UNPRIVPORTS -j ACCEPT

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
--source-port $UNPRIVPORTS \
-d $IPADDR 20 -j ACCEPT


# FTP client (21)
# ---------------

outgoing request
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
-s $IPADDR $UNPRIVPORTS \
--destination-port 21 -j ACCEPT

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
--source-port 21 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT


# PORT mode data channel
ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
--source-port 20 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $IPADDR $UNPRIVPORTS \
--destination-port 20 -j ACCEPT

# ------------------------------------------------------------------

[ Post a follow-up to this message ]

On Mon, 26 Apr 2004 16:20:25 -0400 Barbara wrote:

> Hi,
>
> I can FTP from my RHL 7.0 machine.
>
> I am running on it a ipchains firewall, behind which sit several Windows
> based machines.
>
> I have an FTP server running on port 21 on one of the Windows machines.
>
> People who FTP in to my external IP, (the RHL box), can't FTP in right.
>
> There is an initial communication, but they never get in all the way.
>
> They just end up timing out on their end.
>
> I think I have a problem with my portfw syntax or content.
>
> Here is what I have in my firewall script:
>
> This is under my MASQing section :
>
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 21 -R $WS1 21

Let the remote users use passive FTP mode. And you should exchange your
old RH box with an actual. I hardly doubt your system is not running all
vulnerable applications and a vulnerable kernel.

Alexander


--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416  14CD E197 6E88 ED69 5653

[ Post a follow-up to this message ]