FTP..

E Frank Ball frankb at efball.com
Wed Apr 3 11:05:25 PST 2002


On Wed, Apr 03, 2002 at 10:41:48AM -0800, Christopher Wagner wrote:
} Hi Mark..  Thanks for responding..
} 
} When I do a set passive on, it still gives me connection refused..
} 
} ipchains appears to still be working even with my 2.4.9 kernel.  I'm not
} keeping up very well with the latest firewalling stuff, iptables is kind of
} intimidating to me, I'm not sure what exactly I'm supposed to do with it, it
} is installed on my box, though.
} 
} I stopped ipchains, ftp then worked as it should.  I'm puzzled, this is my
} /etc/sysconfig/ipchains:
} :input ACCEPT
} :forward ACCEPT
} :output ACCEPT
} -A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
} -A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
} -A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
} -A input -s 10.0.0.67 -d 0/0 21 -p tcp -y -j ACCEPT
} -A input -s 63.113.184.230 -d 0/0 20 -p tcp -y -j ACCEPT
} -A input -s 63.113.184.230 -d 0/0 21 -p tcp -y -j ACCEPT

Is ssh, smtp, or http working?  What are all the -y arguments for?  -y
means only accept syn packets.  Try it without -y

} -A input -s 0/0 -d 0/0 -p tcp -y -j REJECT

Keep this -y

see:
http://nblug.org/firewall/firewall

It's an ipchains firewall script I wrote that makes a good starting
point.  It's the basis for what I'm still using.  I see a lot of
problems with what you're doing.

http://nblug.org/firewall/

-- 

   E Frank Ball                frankb at efball.com
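
An added illustration, not part of the original message: a small Python model of first-match evaluation over the input chain quoted above, showing which inbound TCP packets the `-y` rules accept or reject. The function names, the simplified matching (exact source address or `0/0`, TCP only) and the sample packets are assumptions constructed for this example.

```python
# Constructed model of ipchains first-match evaluation; this is not ipchains itself.
# Rules copied from the /etc/sysconfig/ipchains quoted in the message.
RULES = """\
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 10.0.0.67 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 63.113.184.230 -d 0/0 20 -p tcp -y -j ACCEPT
-A input -s 63.113.184.230 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
"""

def parse(text):
    """Return (policy, rules) for the input chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == ":input":
            policy = tok[1]
        elif tok[:2] == ["-A", "input"]:
            port = tok[tok.index("-d") + 2]  # optional port after the -d address
            rules.append({
                "src": tok[tok.index("-s") + 1],
                "dport": int(port) if port.isdigit() else None,
                "syn_only": "-y" in tok,
                "target": tok[tok.index("-j") + 1],
            })
    return policy, rules

def verdict(src, dport, flags, text=RULES):
    """First matching rule wins; otherwise the chain policy applies."""
    policy, rules = parse(text)
    # -y matches only packets with SYN set and ACK and FIN clear.
    is_syn = "SYN" in flags and not {"ACK", "FIN"} & flags
    for r in rules:
        if r["src"] not in ("0/0", src):
            continue
        if r["dport"] not in (None, dport):
            continue
        if r["syn_only"] and not is_syn:
            continue
        return r["target"]
    return policy
```

In this model a new connection to any port without its own ACCEPT rule, such as a data connection to a high port, reaches the final REJECT, while packets that are not a bare SYN fall through to the ACCEPT policy.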


