luiswallau
(uses Red Hat)
Posted on 01/11/2010 - 09:14h
My question is about what is happening below:
################################################################################
####connection outside the firewall###
###############################
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\luis.augusto>ftp ip_do_servidor
Connected to ip_do_servidor.
220 Microsoft FTP Service
User (ip_do_servidor:(none)): nome_usuario
331 Password required for nome_usuario.
Password:
230 User logged in.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection.
Assis Brasil.txt
Camaqua.txt
Matriz.txt
Padre Cacique.txt
226 Transfer complete.
ftp: 62 bytes received in 0,00Seconds 62000,00Kbytes/sec.
ftp> exit
Invalid command.
ftp> bye
221 Goodbye.
###############################
####connection through the firewall###
###############################
C:\Users\luis.augusto>ftp ip_do_servidor
Connected to ip_do_servidor.
220 Microsoft FTP Service
User (ip_do_servidor:(none)): nome_usuario
331 Password required for nome_usuario.
Password:
230 User logged in.
ftp> ls
501 Server cannot accept argument.
150 Opening ASCII mode data connection.
################################################################################
What happens is that when I list the FTP files from outside the firewall, it lists the files, but when I am going through the firewall it does not list them and the error shown in the last two lines occurs. My question is: for FTP connections, such as listing, downloading, etc., do I need to add a rule to allow this in iptables or in squid, given that there is no restriction in iptables or in squid? In squid the acl that allows port 21 (ftp) is OK, and in iptables as well; the iptables rule is below.
#################################################
# Allow FTP port
#################################################
-A INPUT -p udp --dport 21 -j ACCEPT
-A INPUT -p udp --dport 20 -j ACCEPT
-A FORWARD -p tcp --dport 21 -j ACCEPT
-A FORWARD -p udp --dport 21 -j ACCEPT
-A FORWARD -p tcp --dport 20 -j ACCEPT
-A FORWARD -p udp --dport 20 -j ACCEPT
# COMMIT filter
COMMIT