03-20-2002
For those who want to know, here is the iptables rule to block ftp connection requests from one side, and allow the request from the other:
# ftp control connection
iptables -A FORWARD -i eth1 -o eth0 -p TCP --sport 1024:65535 --dport ftp -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p TCP ! --syn --sport ftp --dport 1024:65535 -j ACCEPT
! --syn means there's no connection request. Therefore, the packet can continue its way through the firewall.
Just in case somebody wants to know.
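The following is an added example, not part of the original post: a small Python model of the two FORWARD rules, evaluated against constructed packets to show which segments each rule lets through. It assumes the FORWARD chain policy is DROP (the post does not say), and the names Packet, forward_verdict and SAMPLES are hypothetical.

```python
# Added example: model of the two FORWARD rules from the post.
# Assumption: FORWARD chain policy is DROP (not stated in the post).
from dataclasses import dataclass

FTP = 21                     # "ftp" service name resolves to TCP port 21
HIGH = range(1024, 65536)    # 1024:65535

@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    sport: int
    dport: int
    flags: frozenset         # TCP flags set on the segment

def is_syn(p):
    """iptables --syn: SYN set, with ACK, RST and FIN all clear."""
    return "SYN" in p.flags and not (p.flags & {"ACK", "RST", "FIN"})

def forward_verdict(p):
    # Rule 1: eth1 -> eth0, high port -> ftp, any flags.
    if ((p.in_if, p.out_if) == ("eth1", "eth0")
            and p.sport in HIGH and p.dport == FTP):
        return "ACCEPT"
    # Rule 2: eth0 -> eth1, ftp -> high port, only if NOT a connection request.
    if ((p.in_if, p.out_if) == ("eth0", "eth1")
            and p.sport == FTP and p.dport in HIGH and not is_syn(p)):
        return "ACCEPT"
    return "DROP"            # assumed chain policy

def pkt(in_if, out_if, sport, dport, *flags):
    return Packet(in_if, out_if, sport, dport, frozenset(flags))

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "eth1 client SYN to ftp":        pkt("eth1", "eth0", 40000, FTP, "SYN"),
    "ftp server SYN/ACK reply":      pkt("eth0", "eth1", FTP, 40000, "SYN", "ACK"),
    "ftp server data segment":       pkt("eth0", "eth1", FTP, 40000, "ACK", "PSH"),
    "eth0 SYN from sport 21":        pkt("eth0", "eth1", FTP, 40000, "SYN"),
    "eth0 client SYN to ftp":        pkt("eth0", "eth1", 40000, FTP, "SYN"),
    "bare ACK, no prior connection": pkt("eth0", "eth1", FTP, 40000, "ACK"),
}

def verdicts():
    return {name: forward_verdict(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, v in verdicts().items():
        print(f"{v:6} {name}")
```

The last sample is accepted because the rules keep no state: any segment from source port ftp without a bare SYN is forwarded, whether or not a connection exists. Matching on connection state (`-m state --state ESTABLISHED`, or `-m conntrack --ctstate ESTABLISHED` on newer systems) closes that gap.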