Opening FTP in iptables

1. Opening FTP in iptables

Profile removed
removido

(uses None)

Posted on 24/09/2010 - 16:44h

How do I open FTP in iptables?? I'm not running the server, I just want to connect, because I'm trying to update the Slackware mirrors and I can't get it to work

neither through slackpkg nor through slapt-get

========================================= RULES =========================

#!/bin/bash

# IPTables command
IPTABLES="/usr/sbin/iptables"

# Internet interface
INET="eth0"

##################################################################

# Flushing the rules in memory
$IPTABLES -F -t filter
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X -t filter
$IPTABLES -X -t mangle
$IPTABLES -X -t nat
$IPTABLES -Z -t filter
$IPTABLES -Z -t mangle
$IPTABLES -Z -t nat

# Changing the policies to DROP
$IPTABLES -t filter -P INPUT DROP
$IPTABLES -t filter -P OUTPUT DROP
$IPTABLES -t filter -P FORWARD DROP

###################################################################

# INPUT
## Keep established connections
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# FTP

# -------------------------------------------------------------------------------------------

# OUTPUT
## DNS
$IPTABLES -A OUTPUT -o $INET -p tcp -m multiport --dports 53,5353 -j ACCEPT
$IPTABLES -A OUTPUT -o $INET -p udp -m multiport --dports 53,5353 -j ACCEPT
## HTTP and HTTPS
$IPTABLES -A OUTPUT -o $INET -p tcp -m multiport --dports 80,8080,8081,443 -j ACCEPT
## MSN
$IPTABLES -A OUTPUT -o $INET -p tcp -m multiport --dports 1863,7001 -j ACCEPT
$IPTABLES -A OUTPUT -o $INET -p udp --dport 7001 -j ACCEPT
## Gtalk/Jabber
#$IPTABLES -A OUTPUT -o $INET -p tcp --dport 5222 -j ACCEPT
## Ping
$IPTABLES -A OUTPUT -o $INET -p icmp --icmp-type 8 -j ACCEPT
# FTP
$IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT

# --------------------------------------------------------------------------------------------

# FORWARD
# FTP
$IPTABLES -A FORWARD -p tcp --dport 21 -j ACCEPT

echo "Iptables...[Ok]"

======================== END of RULES =========================

thanks

2. Re: Opening FTP in iptables

Caio
CaioSerrano

(uses BackTrack)

Posted on 24/09/2010 - 21:28h

Friend, but have you tried connecting to the server normally? Can you connect normally to the FTP server??
Because it's normal for it to be working 100%


3. Re: Opening FTP in iptables

Rafael Umbelino
tlaloc

(uses Gentoo)

Posted on 25/09/2010 - 15:27h

FTP is already open in this configuration.
What error do you get when trying to update the mirrors?


4. Re: Opening FTP in iptables

Profile removed
removido

(uses None)

Posted on 26/09/2010 - 01:02h

root@CASA:/home/douglas# slackpkg update

Updating the package lists...
Downloading...
Downloading ftp://ftp.slackware-brasil.com.br/slackware64-current/ChangeLog.txt...
--2010-09-26 00:58:33-- ftp://ftp.slackware-brasil.com.br/slackware64-current/ChangeLog.txt
=> `/tmp/slackpkg.sYhxZn/ChangeLog.txt'
Resolving ftp.slackware-brasil.com.br (ftp.slackware-brasil.com.br)... 200.137.217.134
Connecting to ftp.slackware-brasil.com.br (ftp.slackware-brasil.com.br)|200.137.217.134|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /slackware64-current ... done.
==> SIZE ChangeLog.txt ... 21061
==> PASV ... couldn't connect to 200.137.217.134 port 34413: Connection timed out
Retrying.

===============================

with slapt-get it's working, but slackpkg isn't

which part opened FTP?? the FORWARD or the OUTPUT

does anyone know if slackpkg uses some other port?


5. Re: Opening FTP in iptables

Profile removed
removido

(uses None)

Posted on 29/09/2010 - 22:34h

I've got a problem, because I can't download from an FTP server with wget

wget http://wwwmaster.postgresql.org/redir/378/f/source/v9.0.0/postgresql-9.0.0.tar.bz2

then it keeps trying and trying until the connection times out and it tries again, and I can't manage it through the browser either


6. I GOT IT

Profile removed
removido

(uses None)

Posted on 29/09/2010 - 23:11h

now the rules look like this

=================================================

#!/bin/bash

# IPTables command
IPTABLES="/usr/sbin/iptables"

# Internet interface
P1="eth0"

###############################
# FUNCTIONS
case $1 in
start) /etc/rc.d/rc.firewall ;;
restart) /etc/rc.d/rc.firewall ;;
stop) # Flushing the rules in memory
$IPTABLES -F -t filter
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X -t filter
$IPTABLES -X -t mangle
$IPTABLES -X -t nat
$IPTABLES -Z -t filter
$IPTABLES -Z -t mangle
$IPTABLES -Z -t nat

# Changing the policies to ACCEPT
$IPTABLES -t filter -P INPUT ACCEPT
$IPTABLES -t filter -P OUTPUT ACCEPT
$IPTABLES -t filter -P FORWARD ACCEPT
;;
'') echo "carregando firewall..." ;;
*) echo "{start|stop|restart}" && exit 1 ;;
esac


##################################################################

# Flushing the rules in memory
$IPTABLES -F -t filter
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X -t filter
$IPTABLES -X -t mangle
$IPTABLES -X -t nat
$IPTABLES -Z -t filter
$IPTABLES -Z -t mangle
$IPTABLES -Z -t nat

# Changing the policies to DROP
$IPTABLES -t filter -P INPUT DROP
$IPTABLES -t filter -P OUTPUT DROP
$IPTABLES -t filter -P FORWARD DROP

###################################################################

modprobe nf_nat_ftp
modprobe nf_conntrack_ftp

###################################################################

# INPUT

# Allow loopback
$IPTABLES -A INPUT -i lo -j ACCEPT
# Keep established connections
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# FTP ----------------------------------------------------------------------------------
$IPTABLES -A INPUT -i eth0 -p tcp -s 0/0 --dport 21 -j ACCEPT
# Enable active FTP transfers
$IPTABLES -A INPUT -i eth0 -p tcp -s 0/0 --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable passive FTP transfers
$IPTABLES -A INPUT -i eth0 -p tcp -s 0/0 --sport 1025:65535 --dport 1025:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT

# SAMBA ----------------------------------------------------------------------------------
$IPTABLES -A INPUT -i $P1 -p tcp -m multiport --dports 445,139 -j ACCEPT
$IPTABLES -A INPUT -i $P1 -p udp -m multiport --dports 137,138 -j ACCEPT

# CUPS ----------------------------------------------------------------------------------
$IPTABLES -A INPUT -s 192.168.1.0/24 -p tcp --dport 631 -j ACCEPT

# ===============================================================================================================

# OUTPUT

# DNS ----------------------------------------------------------------------------------
$IPTABLES -A OUTPUT -o $P1 -p tcp -m multiport --dports 53,5353 -j ACCEPT
$IPTABLES -A OUTPUT -o $P1 -p udp -m multiport --dports 53,5353 -j ACCEPT

# HTTP and HTTPS ----------------------------------------------------------------------------------
$IPTABLES -A OUTPUT -o $P1 -p tcp -m multiport --dports 80,8080,8081,443 -j ACCEPT

# MSN ----------------------------------------------------------------------------------
$IPTABLES -A OUTPUT -o $P1 -p tcp -m multiport --dports 1863,7001 -j ACCEPT
$IPTABLES -A OUTPUT -o $P1 -p udp --dport 7001 -j ACCEPT

# Gtalk/Jabber ----------------------------------------------------------------------------------
#$IPTABLES -A OUTPUT -o $P1 -p tcp --dport 5222 -j ACCEPT

# Ping ----------------------------------------------------------------------------------
$IPTABLES -A OUTPUT -o $P1 -p icmp --icmp-type 8 -j ACCEPT

# FTP ----------------------------------------------------------------------------------
$IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT

# SAMBA ----------------------------------------------------------------------------------
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# ===============================================================================================================

# FORWARD

# Against DoS: ----------------------------------------------------------------------------------
# Protects against Syn-flood attacks
$IPTABLES -A FORWARD -p tcp --syn -m limit --limit 10/s -j ACCEPT
$IPTABLES -A FORWARD -p tcp --syn -j DROP

# FTP ----------------------------------------------------------------------------------
$IPTABLES -A FORWARD -p tcp -s 192.168.1.0/24 --dport 21 -j ACCEPT

# SAMBA ----------------------------------------------------------------------------------


echo "Iptables...[Ok]"

===================================================

I had to load the modules

modprobe nf_nat_ftp
modprobe nf_conntrack_ftp
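The timeout on the PASV data connection in post 4 and the modprobe that fixed it in post 6 are the same issue: the passive data channel is only allowed out once the FTP conntrack helper classifies it as RELATED. The script below is an added example, not the poster's rc.firewall, showing the minimal client-side ruleset that achieves this without opening INPUT port 21 or the 1025:65535 range. It assumes the Internet interface is eth0, uses `-m conntrack` instead of the older `-m state`, and adds the explicit helper binding that kernels from 4.7 on require.

```shell
#!/bin/sh
# Added example, not the poster's rc.firewall: minimal client-side rules for
# FTP. Assumes the Internet interface is eth0 and root for "apply"; with
# DRY_RUN=1 the rules are only printed instead of loaded.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"
INET="${INET:-eth0}"

# Execute a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

ftp_client_rules() {
    # The helper parses the PASV/PORT replies on the control channel and
    # marks the resulting data connection RELATED. Without it the
    # server-chosen high port looks like an unrelated NEW connection, which
    # is exactly the "PASV ... Connection timed out" seen in post 4.
    # (nf_nat_ftp is only needed when this host NATs FTP for other hosts.)
    run modprobe nf_conntrack_ftp
    # Kernels 4.7 and later no longer auto-assign helpers: bind it explicitly.
    run $IPTABLES -t raw -A OUTPUT -o "$INET" -p tcp --dport 21 -j CT --helper ftp

    # Control channel: outbound only, port 21 only, new connections only.
    run $IPTABLES -A OUTPUT -o "$INET" -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
    # Passive data channel: outbound, RELATED to the control channel.
    run $IPTABLES -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Replies, plus an active-mode data connection from server port 20
    # (also RELATED); no INPUT rule for dport 21 or 1025:65535 is needed.
    run $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

case "${1:-}" in
    show)  DRY_RUN=1 ftp_client_rules ;;
    apply) ftp_client_rules ;;
    '')    ;;
    *)     echo "usage: $0 {show|apply}" >&2; exit 1 ;;
esac
```

Run it as `./ftp-client-fw.sh show` to print the rules and `apply` to load them. The OUTPUT rule that actually made post 6 work is the ESTABLISHED,RELATED one filed under SAMBA; the INPUT rules for port 21 and the 1025:65535 range accept unsolicited inbound connections a pure client never needs.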