
RE: [TCLUG:6207] ipchains and RH 6.0



$IPCHAINS -A input -i eth1 -p tcp -s 0/0 1025:65535 -d 192.16.x.x/32 1025:65535 ! -y -j ACCEPT

where eth1 is external port and 192.16.x.x is the eth1 ip address

This will allow any passive ftp, real audio etc. Someone else may have some
security concerns about this but it should only allow connections initiated
by your host.


-----Original Message-----
From: Bob Tanner [mailto:tanner@real-time.com]
Sent: Saturday, May 29, 1999 5:07 AM
To: tclug-list@listserv.real-time.com
Subject: [TCLUG:6207] ipchains and RH 6.0


Well, I thought I should make the move to ipchains, since I am now running
RH 6.0. But I have run into a snag.

With ipchains I am unable to figure how to do ftp.

I am not masquerading, just blocking. My workstation has a valid IP address,
I am just working on the input chain.

After I make an outgoing ftp connection, the ftp server is going to respond
back to me with the ftp-data part, but when I hit my favorite ftp sites,
ipchains is reporting:

May 29 05:04:41 mordent kernel: Packet log: lockdown DENY eth0 PROTO=6
206.10.252.12:4697 206.145.104.172:3248 L=44 S=0x00 I=61415 F=0x0000 T=61

This is me typing dir after I have successfully logged into the ftp server.
It looks like the server is sending back the ftp-data connection on some
random(?) port.

How do I associate this connection with my initial ftp request?


--
Bob Tanner <tanner@real-time.com>       | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9
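The rule in the reply above accepts inbound TCP on the external interface only when both ports are unprivileged and the packet is not a bare SYN (`! -y`), so a server's SYN-ACK to a passive-mode data connection gets through while an unsolicited connection attempt does not. The following is an added illustration, not code from either poster: a small Python model of that rule followed by the "lockdown DENY" default seen in the log. The host address 192.0.2.10 stands in for the elided 192.16.x.x, and all packets are constructed. The last case shows the caveat the reply hints at: because ipchains is stateless, any non-SYN segment to a high port is accepted whether or not a connection actually exists.

```python
"""Model of an ipchains input chain (constructed example, not the poster's code).

Rule modelled, from the reply above:
  $IPCHAINS -A input -i eth1 -p tcp -s 0/0 1025:65535 -d <host>/32 1025:65535 ! -y -j ACCEPT
followed by a default that logs and denies everything else ('lockdown DENY').
"""
from dataclasses import dataclass
from ipaddress import ip_address

HOST_IP = "192.0.2.10"  # placeholder for the elided 192.16.x.x in the reply


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool


def is_syn_only(pkt: Packet) -> bool:
    """What ipchains' -y tests: SYN set, ACK clear (a connection attempt)."""
    return pkt.syn and not pkt.ack


def matches_accept_rule(pkt: Packet, host_ip: str = HOST_IP) -> bool:
    """True when every match of the reply's ACCEPT rule holds.

    -i eth1               : external interface only
    -p tcp                : TCP only
    -s 0/0 1025:65535     : any source address, unprivileged source port
    -d host/32 1025:65535 : our own address, unprivileged destination port
    ! -y                  : NOT a SYN-only packet
    """
    if pkt.iface != "eth1" or pkt.proto != "tcp":
        return False
    if not (1025 <= pkt.sport <= 65535 and 1025 <= pkt.dport <= 65535):
        return False
    if ip_address(pkt.dst) != ip_address(host_ip):
        return False
    return not is_syn_only(pkt)


def filter_input(pkt: Packet) -> str:
    """Walk the two-entry input chain: the ACCEPT rule, then the lockdown deny."""
    if matches_accept_rule(pkt):
        return "ACCEPT"
    return "DENY"  # would appear as 'Packet log: lockdown DENY ...' in the kernel log


# Constructed traffic, addresses mirroring Bob's log line (server:4697 -> me:3248):
# the server's SYN-ACK on a passive-mode data connection we initiated
FTP_DATA_SYNACK = Packet("eth1", "tcp", "206.10.252.12", 4697, HOST_IP, 3248, syn=True, ack=True)
# an unsolicited connection attempt from outside to the same high port
UNSOLICITED_SYN = Packet("eth1", "tcp", "206.10.252.12", 4697, HOST_IP, 3248, syn=True, ack=False)
# a connection attempt to a privileged port: outside the rule, so still denied
SSH_SYN = Packet("eth1", "tcp", "203.0.113.5", 40000, HOST_IP, 22, syn=True, ack=False)
# a lone ACK to a high port with no connection behind it: the stateless caveat
STRAY_ACK = Packet("eth1", "tcp", "203.0.113.5", 40000, HOST_IP, 3248, syn=False, ack=True)
# same SYN-ACK but arriving on the internal interface: rule does not apply
INTERNAL_SYNACK = Packet("eth0", "tcp", "206.10.252.12", 4697, HOST_IP, 3248, syn=True, ack=True)


def verdicts() -> dict:
    """Verdict for each constructed packet, for reading or asserting on."""
    return {
        "ftp_data_synack": filter_input(FTP_DATA_SYNACK),
        "unsolicited_syn": filter_input(UNSOLICITED_SYN),
        "ssh_syn": filter_input(SSH_SYN),
        "stray_ack": filter_input(STRAY_ACK),
        "internal_synack": filter_input(INTERNAL_SYNACK),
    }


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:16s} -> {verdict}")
```

The passive-mode SYN-ACK is accepted and the unsolicited SYN is denied, which is exactly the difference `! -y` makes. The stray ACK is also accepted, so the rule opens every high port to any non-SYN segment; that is the trade-off of a stateless filter, and the reason the reply's "should only allow connections initiated by your host" holds only for connection setup, not for every packet.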

