Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Iptables -Rules Problem
  • From: Nils Wunsch <nils.wunsch@xxxxxxx>
  • Date: Wed, 2 Jan 2002 13:17:48 +0100
  • Message-id: <20020102131748.798817f1.nils.wunsch@xxxxxxx>

Hello of people

I require first a healthy new year 2002 to you.

here the Rules tunes my question

# time

iptables -t filter -A INPUT -i eth0 -p udp -s 0/0 --sport $b_port -d $A_NET --dport 123 -j ACCEPT
iptables -t filter -A OUTPUT -o eth0 -p udp -s 0/0 --sport $b_port -d $A_NET --dport 123 -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -o eth0 -p udp -s $A_NET --sport $b_port -d ! $A_NET --dport 123 -j ACCEPT
iptables -t filter -A FORWARD -o eth0 -i eth0 -p udp -s $A_NET --sport $b_port -d ! $A_NET --dport 123 -j ACCEPT

b_port = b_port=1024:65535 A_NET = extip

Input and output is out-commentated.

thanks for your assistance.

On Wed, 2 Jan 2002 13:36:03 +0100
mk@xxxxxxxxxxxxxx wrote:

> Hello List,
> I'm trying to connect to any outside FTP with a aktive ftp conx type from a
> client
> behind the supposed firwall but that doesnt work, only passive is allowed.
> I understand the basics with in/output and forwarding, all my supposed
> sercies
> are working in and outgoing, from my firewall i can connect aktiv or passive
> ftp out and vice versa but not from the client behind.
> It doesnt matter if I allow all new connections to input or forward, the
> only
> difference is that ftp_data is not appearing in the log anymore ????, the
> ip_conntrack_ftp module is loaded.
> Does anybody discover the same problem or has a fix/sample for this case ???
> Many thx i adv
> Matthias Krauss

~VIPEX Internet Presence GmbH
BrĂ¼sseler Str. 89 - 93
D-50672 Cologne

fon +49-221-5 79 77-29
fax +49-221-5 79 77-22



< Previous Next >
This Thread