FTP..

Christopher Wagner chrisw at pacaids.com
Wed Apr 3 11:16:21 PST 2002


Cool.  Thanks Frank! :)

- Christopher Wagner
chrisw at pacaids.com

Packaging Aids Corporation - Information Systems
P.O. Box 9144
San Rafael, CA 94912-9144
http://www.pacaids.com/
(415) 454-4868 x116


-----Original Message-----
From: E Frank Ball [mailto:frankb at efball.com]
Sent: Wednesday, April 03, 2002 11:05 AM
To: talk at nblug.org
Subject: Re: FTP..


On Wed, Apr 03, 2002 at 10:41:48AM -0800, Christopher Wagner wrote:
} Hi Mark..  Thanks for responding..
}
} When I do a set passive on, it still gives me connection refused..
}
} ipchains appears to still be working even with my 2.4.9 kernel.  I'm not
} keeping up very well with the latest firewalling stuff, iptables is kind
of
} intimidating to me, I'm not sure what exactly I'm supposed to do with it,
it
} is installed on my box, though.
}
} I stopped ipchains, ftp then worked as it should.  I'm puzzled, this is my
} /etc/sysconfig/ipchains:
} :input ACCEPT
} :forward ACCEPT
} :output ACCEPT
} -A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
} -A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
} -A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
} -A input -s 10.0.0.67 -d 0/0 21 -p tcp -y -j ACCEPT
} -A input -s 63.113.184.230 -d 0/0 20 -p tcp -y -j ACCEPT
} -A input -s 63.113.184.230 -d 0/0 21 -p tcp -y -j ACCEPT

Is ssh, smtp, or http working?  What are all the -y arguments for?  -y
means only accept syn packets.  Try it without -y

} -A input -s 0/0 -d 0/0 -p tcp -y -j REJECT

Keep this -y

see:
http://nblug.org/firewall/firewall

It's a ipchains firewall script I wrote that makes a good starting
point.  It's the basis for what I'm still using.  I see a lot of
problems with what your doing.

http://nblug.org/firewall/

--

   E Frank Ball                frankb at efball.com



More information about the talk mailing list