[ILUG-BOM] FTP and Ipchains

Krishna Dagli kdagli@[EMAIL-PROTECTED]
Wed Apr 7 18:01:13 IST 2004


Rajendra Rait wrote:
> Hi Gurus,
> 
> I am using Red Hat Linux 7.0 which acts as a proxy
> server (Transparent Squid) and firewall server (Ipchains). I use a
> dial-up connection. My problem is whenever I connect to an ftp site I
> get this error:-
> 
> ~ Login completed.
> 
>>PORT 10,1,11,11,8,230
> 
> < 500 Illegal PORT Command
> ~ Could not retrieve directory listing for "/"
> 
> Below is my firewall rules:-
> 
> :input ACCEPT
> :forward ACCEPT
> :output ACCEPT
> :pbi -
> -A input -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 80:80 -p 6 -j REDIRECT 3128
> 
> -A input -i ppp0 -p tcp --dport 23 -j DENY
> -A input -i ppp0 -p tcp --syn -j DENY
> -A forward -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j pbi
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 23:23 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 25:25 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 110:110 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 443:443 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 5050:5050 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 5100:5100 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 8383:8383 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 3128:3128 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 1863:1863 -p 6 -j MASQ
> 
> Please let me know what is wrong in my rule, so that ftp-sites can
> connect smoothly.

Can't remember, don't we require some ftp module loaded? Check
/lib/modules/version/ipv4/ and see if there is some ftp-related
module, load it and then check.

-Krishna.
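
An added example, not part of the original thread: a shell check that decodes the PORT argument from the client log above (RFC 959 format h1,h2,h3,h4,p1,p2) and reports whether the advertised address is an RFC 1918 private one, which is the part of an active-mode FTP session a masquerading helper module has to rewrite. The function names are hypothetical, and that the server refuses a PORT address differing from the control connection's source is an assumption about this server.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# decode_port "10,1,11,11,8,230" prints "10.1.11.11:2278"; returns 1 if malformed.
decode_port() {
    old_ifs=$IFS; IFS=,; set -f
    set -- $1                       # split the six comma-separated fields
    set +f; IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for n in "$@"; do
        # reject empty, non-numeric, overlong or zero-padded fields
        case $n in ''|*[!0-9]*|????*|0?*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"   # port = p1*256 + p2
}

# is_rfc1918 ADDR returns 0 for 10/8, 172.16/12 and 192.168/16.
is_rfc1918() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.*) o2=${1#172.}; o2=${o2%%.*}
               [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# check_port_line LINE prints a verdict for one client log line.
# Returns 0 = public address, 1 = private address, 2 = no usable PORT command.
check_port_line() {
    args=${1##*PORT }
    [ "$args" != "$1" ] || { echo "no PORT command"; return 2; }
    args=${args%%[!0-9,]*}          # drop a trailing CR or other text
    endpoint=$(decode_port "$args") || { echo "malformed PORT argument"; return 2; }
    if is_rfc1918 "${endpoint%:*}"; then
        echo "$endpoint private: needs rewriting by the masquerading host"
        return 1
    fi
    echo "$endpoint public"
}

# The line from the log quoted above.
check_port_line '>>PORT 10,1,11,11,8,230' || :
```

On a 2.2-series kernel with ipchains masquerading, that rewriting is done by the `ip_masq_ftp` helper; `lsmod` shows whether it is loaded.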






