Re: FTP and Firewall



On Feb 20, 1:43 am, Stephane M <Steph...@xxxxx> wrote:
Hi,

I wish to use my Firewall

I am using CentOS v 4.4 and I did use the Firewall setup available on
the GUI
[ Enable the Firewall and Accept FTP, WWW ]

1) The web works fine!!!

2) The FTP site doesn't work
I edited my /etc/sysconfig/iptables

- A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

- Is there something wrong with that ?

3) All these settings are configured via their port.
Now, suppose that I wish to disable (or Enable) an application like SAMBA
- How can I do that ?

Thanks very much for your help

Stephane


Unless you are very familiar with how iptables works, editing
/etc/sysconfig/iptables is not usually the best option. Instead you can use

iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p udp --dport 21 -j ACCEPT

Also, after making any changes to your firewall rules, do a
service iptables save --> saves the rules (puts a copy of the old
rules in /etc/sysconfig/iptables.save)
and make sure the firewall is on in the appropriate levels
(chkconfig --list iptables)


As to your question regarding samba. Samba allows access control
through its configuration file. Check man smb.conf for various
options you can use within its conf file to restrict users and/or
hosts.

hth,
Kalyan
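
iptables checks a chain's rules in order and the first deciding rule wins, so where a port 21 ACCEPT sits relative to a catch-all REJECT matters. An added example, not part of the thread: a shell function that walks an iptables-save style listing and reports what happens to a new TCP connection on a given port. The function names and both rulesets are constructed for illustration.

```shell
#!/bin/sh
# port_verdict CHAIN PORT  (ruleset in iptables-save format on stdin)
# Walks CHAIN top to bottom and prints what the first deciding rule does to a
# new TCP connection on PORT: "accepted", "blocked" or "unmatched".
# Assumption: only "-p tcp --dport PORT -j ACCEPT" rules and unconditional
# REJECT/DROP rules of that one chain are modelled.
port_verdict() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            target = ""; dport = ""; proto = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
            }
            if (target == "ACCEPT" && proto == "tcp" && dport == port) {
                print "accepted"; found = 1; exit
            }
            # "-j" straight after the chain name: the rule matches every packet
            if ($3 == "-j" && (target == "REJECT" || target == "DROP")) {
                print "blocked"; found = 1; exit
            }
        }
        END { if (!found) print "unmatched" }'
}

# Constructed sample: port 21 rule placed before the chain's final REJECT.
ruleset_ok() {
cat <<'EOF'
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Constructed sample: the same rule appended after the REJECT.
ruleset_late() {
cat <<'EOF'
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
EOF
}

echo "21 before REJECT: $(ruleset_ok | port_verdict RH-Firewall-1-INPUT 21)"
echo "21 after REJECT:  $(ruleset_late | port_verdict RH-Firewall-1-INPUT 21)"
```

On a live system the same listing can be piped in from iptables-save.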
