Linux Router without NAT, ftp problems

LuisMi luismi@adpsoft.com
Wed, 26 Sep 2001 19:48:57 +0200 (CEST)



Hi, I am working on a firewall script for a Linux router.

Most of the services run perfectly except FTP as a client. I execute a
command (ls) and I always lose the connection :(

I have these rules...
UNPRIVPORTS="1024:65535"                  # full unprivileged range
UNPRIVPORTS2=`awk '/local_port/{print $3 ":" $4}' /etc/sysctl.conf`   # local ephemeral range from ip_local_port_range
CUALQUIERA="0.0.0.0/0"                    # any address

$IPT -A INPUT -p tcp -m state --state ESTABLISHED,RELATED --sport 21 -d $ip_eth0 --dport $UNPRIVPORTS2 -j ACCEPT
$IPT -A INPUT -p tcp -m state --state ESTABLISHED,RELATED --sport 20 -d $ip_eth0 --dport $UNPRIVPORTS2 -j ACCEPT
$IPT -A INPUT -p tcp -m state --state ESTABLISHED,RELATED --sport $UNPRIVPORTS --dport $UNPRIVPORTS2 -j ACCEPT

$IPT -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -s $ip_eth0 --sport $UNPRIVPORTS2 --dport 21 -j ACCEPT
$IPT -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -s $ip_eth0 --sport $UNPRIVPORTS2 --dport 20 -j ACCEPT
$IPT -A OUTPUT -p tcp -m state --state ESTABLISHED,RELATED -s $ip_eth0 --sport $UNPRIVPORTS2 -d $CUALQUIERA --dport $UNPRIVPORTS2 -j ACCEPT

(maybe these rules are incorrect, I am still learning how to work with iptables)
Also I have the ip_conntrack_ftp module loaded.

The traffic is...
[...]
18:48:01.718367 192.9.200.10.33770 > 212.89.0.1.ftp: P 158:164(6) ack 3030 win 15804 (DF)
18:48:02.502001 212.89.0.1.ftp > 192.9.200.10.33770: P 3030:3058(28) ack 164 win 32120 (DF)
18:48:02.504380 192.9.200.10.33770 > 212.89.0.1.ftp: P 164:170(6) ack 3058 win 15804 (DF)
18:48:03.269072 212.89.0.1.ftp > 192.9.200.10.33770: P 3058:3102(44) ack 170 win 32120 (DF)
18:48:03.301339 192.9.200.10.33770 > 212.89.0.1.ftp: . ack 3102 win 15804 (DF)
18:48:23.272503 192.9.200.10.33770 > 212.89.0.1.ftp: F 170:170(0) ack 3102 win 15804 (DF)
18:48:24.064322 212.89.0.1.ftp > 192.9.200.10.33770: . ack 171 win 32120 (DF)
18:48:24.070807 212.89.0.1.ftp > 192.9.200.10.33770: F 3102:3102(0) ack 171 win 32120 (DF)
18:48:24.071241 192.9.200.10.33770 > 212.89.0.1.ftp: . ack 3103 win 15804 (DF)
18:48:25.536154 212.89.0.1.ftp > 192.9.200.10.33770: F 3102:3102(0) ack 171 win 32120 (DF)
18:48:25.536647 192.9.200.10.33770 > 212.89.0.1.ftp: . ack 3103 win 15804 (DF)

Can anyone help me?

-- 

LuisMi

[ADPSOFT] http://www.adpsoft.com
"Connecting your business"

irc.irc-hispano.org -> #redhat
http://www.flcnet.es/tbe/luismi
IRC channel for RedHat Linux users
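A small flow classifier over the trace quoted in the post, added here as an example (it is not code from the post): it parses the tcpdump lines, checks whether any FTP data connection (active, from server port 20, or passive, between two ephemeral ports) ever shows up, and measures the longest silence on the control channel before the client sent its FIN. The sample lines are the ones from the post; a roughly 20 s stall with no data-channel packet at all is what a data connection blocked by the firewall (or not tracked as RELATED) looks like on the wire.

```python
import re

# Constructed sample: control-channel lines quoted in the post (tcpdump 3.x
# format). Nothing to/from port 20 or between two ephemeral ports appears.
TRACE = """\
18:48:01.718367 192.9.200.10.33770 > 212.89.0.1.ftp: P 158:164(6) ack 3030 win 15804 (DF)
18:48:02.502001 212.89.0.1.ftp > 192.9.200.10.33770: P 3030:3058(28) ack 164 win 32120 (DF)
18:48:03.269072 212.89.0.1.ftp > 192.9.200.10.33770: P 3058:3102(44) ack 170 win 32120 (DF)
18:48:03.301339 192.9.200.10.33770 > 212.89.0.1.ftp: . ack 3102 win 15804 (DF)
18:48:23.272503 192.9.200.10.33770 > 212.89.0.1.ftp: F 170:170(0) ack 3102 win 15804 (DF)
"""
PKT = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) (\d+(?:\.\d+){3})\.([\w-]+) > "
                 r"(\d+(?:\.\d+){3})\.([\w-]+): (\S)")
SERVICE = {"ftp": 21, "ftp-data": 20}  # names tcpdump prints instead of ports

def port_number(name):
    return SERVICE.get(name) or int(name)

def parse(trace):
    """Yield (seconds, src, sport, dst, dport, tcp_flag) per recognised line."""
    for line in trace.splitlines():
        m = PKT.match(line)
        if m:  # unrecognised lines such as "[...]" are skipped
            h, mi, s, src, sp, dst, dp, flag = m.groups()
            yield (int(h) * 3600 + int(mi) * 60 + float(s), src,
                   port_number(sp), dst, port_number(dp), flag)

def kind(sport, dport):
    """Classify a flow the way an FTP-aware stateful firewall must see it."""
    if 21 in (sport, dport):
        return "control"
    if 20 in (sport, dport):
        return "active-data"   # server opens it from port 20 to the client
    if sport > 1023 and dport > 1023:
        return "passive-data"  # client opens it to a server ephemeral port
    return "other"

def diagnose(trace):
    """Report data-channel flows seen, the longest control stall, and who closed."""
    pkts = list(parse(trace))
    data = {kind(p[2], p[4]) for p in pkts} - {"control", "other"}
    ctl = [p for p in pkts if kind(p[2], p[4]) == "control"]
    gaps = [b[0] - a[0] for a, b in zip(ctl, ctl[1:])]
    fins = [p[1] for p in ctl if p[5] == "F"]
    return {"data_channel_kinds": sorted(data),
            "max_control_gap_s": round(max(gaps), 6) if gaps else 0.0,
            "closed_first_by": fins[0] if fins else None}
```

Run `diagnose(TRACE)` on a capture taken on the router's external interface: an empty `data_channel_kinds` list together with a long control-channel gap ending in a client FIN means the data connection never made it across, which is the first thing to confirm before touching the rule set.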