incoming ftp problem

Whit Blauvelt whit@transpect.com
Fri, 21 Dec 2001 12:45:36 -0500


I can see what's not working, but so far I can't see why. I also have a
(public) DNS server on the firewall, which is working fine, along with a
public Web server.

The log clearly shows the ftp connections being blocked, but I don't see how
to tell what extra rules would allow this - thought the RELATED and
NEW,ESTABLISHED stuff would handle that. But the only thing getting through
is the initial ftp login.

Dec 21 11:38:24 kernel: IN=eth0 OUT= MAC=[] SRC=xx.yy.zz.98 DST=aa.bb.cc.64 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=0 DF PROTO=TCP SPT=33572 DPT=20 WINDOW=0 RES=0x00 ACK RST URGP=0
Dec 21 11:40:00 kernel: IN=eth0 OUT= MAC=[] SRC=xx.yy.zz.98 DST=aa.bb.cc.64 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=0 DF PROTO=TCP SPT=33569 DPT=21 WINDOW=0 RES=0x00 RST URGP=0
Dec 21 11:40:00 kernel: IN=eth0 OUT= MAC=[] SRC=xx.yy.zz.98 DST=aa.bb.cc.64 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=0 DF PROTO=TCP SPT=33569 DPT=21 WINDOW=0 RES=0x00 RST URGP=0
Dec 21 11:40:08 kernel: IN=eth0 OUT= MAC=[] SRC=xx.yy.zz.98 DST=aa.bb.cc.64 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1564 DF PROTO=TCP SPT=33576 DPT=37624 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 11:40:11 kernel: IN=eth0 OUT= MAC=[] SRC=xx.yy.zz.98 DST=aa.bb.cc.64 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1565 DF PROTO=TCP SPT=33576 DPT=37624 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 11:40:17 kernel: IN=eth0 OUT= MAC=[] SRC=xx.yy.zz.98 DST=aa.bb.cc.64 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1566 DF PROTO=TCP SPT=33576 DPT=37624 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 11:40:31 kernel: IN=eth0 OUT= MAC=[] SRC=xx.yy.zz.98 DST=aa.bb.cc.64 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=33577 DPT=20 WINDOW=5792 RES=0x00 ACK SYN URGP=0

I've been looking around for docs on interpreting iptables logs, but can't
find any. (It would also be nice to find where to turn off MAC address
logging - just makes it hard to read the important stuff.)

Thanks again,
Whit
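As an added example (not from the post, the netfilter project, or any FTP server), here is a small Python reader for the kernel LOG-target format quoted in the message: it splits the key=value fields, collects the bare TCP flag words, and applies a heuristic label saying which FTP phase each blocked packet belongs to. The sample lines are constructed from the ones in the post, and the labelling assumes the logging host (DST) is the FTP server, so every logged packet comes from a client on IN=eth0.

```python
# Constructed sample lines in the shape of the netfilter LOG-target output
# quoted above, with the same anonymised addresses.
SAMPLE_LOG = """\
Dec 21 11:38:24 kernel: IN=eth0 OUT= MAC=[] SRC=xx.yy.zz.98 DST=aa.bb.cc.64 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=0 DF PROTO=TCP SPT=33572 DPT=20 WINDOW=0 RES=0x00 ACK RST URGP=0
Dec 21 11:40:08 kernel: IN=eth0 OUT= MAC=[] SRC=xx.yy.zz.98 DST=aa.bb.cc.64 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1564 DF PROTO=TCP SPT=33576 DPT=37624 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 11:40:31 kernel: IN=eth0 OUT= MAC=[] SRC=xx.yy.zz.98 DST=aa.bb.cc.64 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=33577 DPT=20 WINDOW=5792 RES=0x00 ACK SYN URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}

def parse_line(line):
    """Split one LOG line into key=value fields plus a FLAGS set of the bare TCP flag words."""
    fields, flags = {}, set()
    for tok in line.split("kernel:", 1)[1].split():
        if "=" in tok:
            key, val = tok.split("=", 1)   # OUT= and MAC=[] give empty/odd values, kept as-is
            fields[key] = val
        elif tok in TCP_FLAGS:             # DF and other bare non-flag words are ignored
            flags.add(tok)
    fields["FLAGS"] = flags
    return fields

def classify(f):
    """Heuristic FTP-phase label; assumes the logging host (DST) is the FTP server."""
    if f.get("PROTO") != "TCP":
        return "not TCP"
    dpt, flags = int(f["DPT"]), f["FLAGS"]
    if dpt == 21:
        return "control connection (port 21)"
    if dpt == 20 and flags == {"SYN", "ACK"}:
        # A SYN/ACK arriving at port 20 answers a SYN the server sent from
        # port 20: the reply leg of an active-mode data connection.
        return "active-mode data reply (server port 20 -> client)"
    if dpt == 20:
        return "active-mode data connection, flags " + "/".join(sorted(flags))
    if dpt > 1023 and flags == {"SYN"}:
        # A fresh SYN to an unprivileged server port is the passive-mode data
        # connection; only the ftp conntrack helper can mark it RELATED.
        return "passive-mode data connection to port %d (needs ftp helper)" % dpt
    return "unclassified"

def summarize(text):
    """Return (SPT, DPT, flags, label) for every kernel log line in text."""
    rows = []
    for line in text.splitlines():
        if "kernel:" in line:
            f = parse_line(line)
            rows.append((int(f["SPT"]), int(f["DPT"]), "/".join(sorted(f["FLAGS"])), classify(f)))
    return rows   # e.g. summarize(SAMPLE_LOG) labels the three constructed lines
```

Run `summarize()` over the real log to see which blocked lines are passive-mode SYNs to a high port versus replies to the server's own port-20 connections; the labels are a reading aid, not a verdict on the ruleset.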