Dear Sir/Madam,
I have a linux box (sarge) as router/firewall in my organization. At the
moment that Linux box has 3 ethernet cards as follows:
eth0 with public IP
eth1 private subnet
eth2 DMZ and WiFi
I use iptables to forward traffic from the Intranet to the Internet and
vice versa using a rule such as
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $SERV_EXT
I also enable specific services with rules such as
iptables -A INPUT -i eth2 -s 192.168.3.0/24 -p tcp --dport 22 -m state --state NEW -j ACCEPT
or
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -m state --state NEW -j ACCEPT
For any chain I let ESTABLISHED and RELATED connections through...
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
and, at the end of each chain (INPUT, OUTPUT and FORWARD), I put
iptables -A INPUT -j DROP
My problem is that I am not able to enable FTP connections...
Could you help me, please?
Thanks, Fabrizio.
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
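An added example (not part of the original mail) showing what the rule set above is missing for FTP: an explicit NEW rule for the control channel (tcp/21) plus the kernel's ftp conntrack and NAT helpers, which classify the data channels as RELATED so the existing ESTABLISHED,RELATED rule passes them and the PORT address is rewritten for SNAT'd clients. Interface roles follow the mail; the LAN subnet 192.168.1.0/24 and the file name ftp-rules.sh are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Usage:
#   sh ftp-rules.sh        -> print the filter rules for review
#   sh ftp-rules.sh apply  -> load helpers and add the rules to the live set
LAN_IF=eth1
WAN_IF=eth0
LAN_NET=192.168.1.0/24    # assumed private subnet behind eth1

# Emit the filter rules in iptables-restore format. -I puts the rule ahead
# of the trailing "-j DROP"; --noflush (in apply_ftp) keeps existing rules.
# Only tcp/21 needs a NEW rule: active-mode (server -> client) and
# passive-mode (client -> high port) data channels become RELATED once the
# ftp helper tracks the control connection.
ftp_rules() {
    cat <<EOF
*filter
-I FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport 21 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Sarge-era kernels name the helpers ip_conntrack_ftp / ip_nat_ftp,
# current kernels nf_conntrack_ftp / nf_nat_ftp; try the new names first.
load_ftp_helpers() {
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
    modprobe nf_nat_ftp 2>/dev/null || modprobe ip_nat_ftp
}

# Since Linux 4.7 helpers are not attached to connections automatically, so
# bind the ftp helper to control connections in the raw table. On kernels
# without the CT target the command fails and the automatic assignment of
# older kernels is relied on instead.
bind_ftp_helper() {
    iptables -t raw -C PREROUTING -i "$LAN_IF" -p tcp --dport 21 -j CT --helper ftp 2>/dev/null ||
    iptables -t raw -A PREROUTING -i "$LAN_IF" -p tcp --dport 21 -j CT --helper ftp ||
    echo "CT target unavailable; relying on automatic helper assignment" >&2
}

apply_ftp() {
    load_ftp_helpers
    bind_ftp_helper
    ftp_rules | iptables-restore --noflush
}

case "${1:-}" in
    apply) apply_ftp ;;
    *)     ftp_rules ;;
esac
```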