Re: FTP and Firewall



On Tue, 20 Feb 2007 15:33:13 +0000, StephaneM wrote:

Kalyan Manchikanti wrote:
On Feb 20, 1:43 am, Stephane M <Steph...@xxxxx> wrote:
Hi,

I wish to use my Firewall

I am using CentOS v 4.4 and I did use the Firewall setup available on
the GUI
[ Enable the Firewall and Accept FTP, WWW ]

1) the web works fine !!1

2) The FTP site doesn't work
I edit my /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

- Is there something wrong with that ?

3) All these settings are configured via their port. Now, suppose that I
wish to disable (or enable) an application like SAMBA - how can I do
that?


Unless you are very familiar with how iptables works, editing
/etc/sysconfig/iptables is not usually the best option. Instead you can use

iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p udp --dport 21 -j ACCEPT

Also, after making any changes to your firewall rules, do a service
iptables save --> saves the rules (puts a copy of the old rules in
/etc/sysconfig/iptables.save) and make sure the firewall is on in the
appropriate levels (chkconfig --list iptables)

As to your question regarding samba. Samba allows access control
through its configuration file. Check man smb.conf for various options
you can use within its conf file to restrict users and/or hosts.


Sorry but it doesn't work
I browsed the web and I found some other way. Here is what I have....
but it doesn't work.... I have no idea what is wrong
HTTP works fine..
vSFTPD doesn't work out :-(

If the FTP client you're using drops to passive mode, connections to ports
20 and 21 aren't enough. Passive mode creates a connection from
unprivileged ports to unprivileged ports.

The best way I've found to troubleshoot firewall issues is a combination
of using wireshark to port scan while a connection is being made and watch
for broken handshakes; and opening up an xterm and running tail -f
/var/log/messages which will display any blocked traffic in real time
assuming you have logging set up properly.
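
The log-watching step from the last reply can be scripted. This added example (not part of the original thread) parses iptables LOG lines as they appear in /var/log/messages and lists dropped TCP connection attempts between unprivileged ports, the pattern passive-mode FTP data connections produce. The `FW-DROP: ` log prefix, the function names and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

PREFIX = "FW-DROP: "  # assumption: the --log-prefix given to the LOG rule
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample of /var/log/messages (documentation addresses, made-up ports).
SAMPLE_LOG = """\
Feb 20 15:40:01 centos kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=4242 DF PROTO=TCP SPT=40112 DPT=50321 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 15:40:03 centos kernel: eth0: link up
Feb 20 15:40:04 centos kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=4243 DF PROTO=TCP SPT=40112 DPT=50321 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 15:40:09 centos kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=4250 DF PROTO=TCP SPT=40113 DPT=50987 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 15:40:12 centos kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.255 LEN=78 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
"""

def parse_line(line, prefix=PREFIX):
    """Return the packet fields of one iptables LOG line, or None if it is not one."""
    _, found, rest = line.partition("kernel: " + prefix)
    if not found:
        return None
    pkt = dict(FIELD.findall(rest))                           # KEY=VALUE pairs
    pkt["FLAGS"] = {t for t in rest.split() if "=" not in t}  # bare tokens: SYN, ACK, DF
    return pkt

def dropped_packets(text, prefix=PREFIX):
    """Parse every firewall LOG line in a block of syslog text."""
    return [p for p in (parse_line(l, prefix) for l in text.splitlines()) if p]

def blocked_ports(packets):
    """Count dropped packets per (protocol, destination port)."""
    return Counter((p["PROTO"], int(p["DPT"])) for p in packets if "DPT" in p)

def passive_ftp_suspects(packets):
    """Dropped TCP SYNs going from an unprivileged port to an unprivileged port."""
    return sorted({(p["SRC"], int(p["DPT"])) for p in packets
                   if p.get("PROTO") == "TCP"
                   and "SYN" in p["FLAGS"] and "ACK" not in p["FLAGS"]
                   and int(p.get("SPT", 0)) >= 1024
                   and int(p.get("DPT", 0)) >= 1024})

if __name__ == "__main__":
    pkts = dropped_packets(SAMPLE_LOG)
    for (proto, port), n in blocked_ports(pkts).most_common():
        print(f"{n:3d} dropped  {proto}/{port}")
    print("possible passive FTP data connections:", passive_ftp_suspects(pkts))
```

A dropped high-port-to-high-port SYN is consistent with a blocked passive data connection but does not prove it; compare the timestamps with the FTP session that failed.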

