Hello! Peter Wiersig wrote:
Marc Mc Guinness wrote:
You see, my rules are not working:
Hm, that should work. Show me "iptables -v -L OUTPUT"
I should have expressed myself more precisely. I can log in, but then this appears:

================snip==============================
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Extended Passive mode OK (|||46752|)
=====================================================

It hangs here. After about 6 minutes, a "200 PORT command successful" appears. Then it hangs again, until after another 6 minutes it prints "421 Service not available, remote server timed out. Connection closed".

Here is the output of iptables -L OUTPUT:

====================snip=============================================
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp port-unreachable
ACCEPT tcp -- anywhere anywhere tcp spt:ssh dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:ntp dpt:ntp
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:pop3 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:pop3 dpts:1024:65535 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:smtp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:smtp dpts:1024:65535 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http dpts:1024:65535 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:dnp
ACCEPT tcp -- anywhere anywhere tcp spt:ndmp
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:domain state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:domain state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:time state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
my_reject all -- anywhere anywhere
=======================================================================

Regards,
Marc

--
FH Furtwangen: http://www.computernetworking.de
Linux- und Netzwerkberatung: http://www.teamberatung.org
Marc Mc Guinness: http://www.mcguinness.de
PGP Public Key Block: http://mcguinness.psychology4u.de/public.txt