ftp server + firewall

AlexanderTheGr
Posts: 153
Joined: 11 Jul 2003 04:22

Post by AlexanderTheGr » 31 Aug 2005 01:48

I have built a server, which I have set up on Linux (Slackware).

I run an ftp server (proftpd) and I have also set up a firewall based on iptables.

The problem appears when I try to connect to the ftp server, and it gives the following error:
Connecting to 192.168.1.3
Connected to 192.168.1.3 -> IP=192.168.1.3 PORT=21
220 ProFTPD 1.2.9 Server (ProFTPD Default Installation)
USER alex
331 Password required for alex.
PASS (hidden)
230 User alex logged in.
SYST
215 UNIX Type: L8
REST 100
350 Restarting at 100. Send STORE or RETRIEVE to initiate transfer
REST 0
350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer
CWD /alex/
250 CWD command successful.
PWD
257 "/alex" is current directory.
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (192,168,1,3,128,25).
Data Socket Error: Connection timed out
List Error
I noticed that the problem lies in the firewall, but port 21 is open, so there should not be a problem. When I have it disabled, I connect normally.

When I type iptables -L, the firewall configuration is shown:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
LOG_ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
LOG_ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:nicname
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:783
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:3306
ACCEPT all -- localhost anywhere
icmp_packets icmp -- anywhere anywhere
LOG_DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:nicname
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:783
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:3306
ACCEPT all -- anywhere localhost
icmp_packets icmp -- anywhere anywhere
LOG_DROP all -- anywhere anywhere

Chain LOG_ACCEPT (2 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `[IPTABLES ACCEPT] : '
ACCEPT all -- anywhere anywhere

Chain LOG_DROP (2 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `[IPTABLES DROP] : '
DROP all -- anywhere anywhere

Chain icmp_packets (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- 192.168.1.3 anywhere icmp echo-request
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
Can anyone help me find where I am making the mistake?
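
Added example (not part of the original post): the 227 reply in the log above announces the port the client must connect to for the data transfer. The script below decodes that reply and checks the port against the TCP ports accepted by the posted INPUT chain; the PassivePorts range 49152-49200 in the closing comments is an arbitrary value chosen for illustration.

```shell
#!/bin/sh
# Constructed from the thread: the server's PASV reply and the TCP ports that
# the posted INPUT chain accepts (service names mapped to their numbers).
REPLY='227 Entering Passive Mode (192,168,1,3,128,25).'
INPUT_TCP_PORTS='20 21 22 25 43 80 110 143 443 783 993 3306'

# Print the data port encoded in a 227 reply: port = p1 * 256 + p2 (RFC 959).
pasv_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    [ "$5" -le 255 ] && [ "$6" -le 255 ] || return 1
    echo $(( $5 * 256 + $6 ))
}

# Succeed if port $1 appears in the space-separated allow-list $2.
port_allowed() {
    for p in $2; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# Report how a NEW inbound connection to the PASV port fares against the list.
diagnose() {
    port=$(pasv_port "$1") || { echo "not a 227 reply"; return 2; }
    if port_allowed "$port" "$2"; then
        echo "data port $port: accepted by an explicit dport rule"
    else
        echo "data port $port: no dport rule; accepted only if conntrack marks it RELATED"
        return 1
    fi
}

diagnose "$REPLY" "$INPUT_TCP_PORTS" || true

# Two ways to let the data connection through (run as root; not executed here):
#   modprobe ip_conntrack_ftp   # named nf_conntrack_ftp on newer kernels; FTP
#                               # data connections then match state RELATED
# or pin the passive range in proftpd.conf and open only that range:
#   PassivePorts 49152 49200
#   iptables -I INPUT -p tcp --dport 49152:49200 -m state --state NEW -j ACCEPT
```

On kernels from 4.7 on, conntrack helpers are no longer attached automatically, so the FTP helper has to be assigned explicitly (for example with the CT target in the raw table).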

metalized
Posts: 119
Joined: 29 Aug 2005 11:03

Post by metalized » 30 Sep 2005 11:26

If you ftp from your server to localhost, what does it output?

At first glance, iptables accepts the incoming ftp connection, since it asks you for a username etc...

KGP
Honorary Member
Posts: 5857
Joined: 18 Jul 2002 01:50
Location: Mr Wonderful

Post by KGP » 30 Sep 2005 11:40

I suspect you have the same issue that I had reported here and nobody knew about.

In the end it is the antivirus (at least in my case), and in the case of Norton2005 the worm protection.

You uncheck it, but ONLY for as long as you need it... you do your work with great care... and then you check it again.

For McAfee and others it is more or less the same case.
*In Greece you don't need to think... you lose valuable time!
*"The power of accurate observation is frequently called cynicism by those who don't have it." -George Bernard Shaw (1856-1950)
*The purpose of argument should not be victory, but progress.

nske
Posts: 381
Joined: 15 Nov 2002 03:39
Location: Athens

Post by nske » 30 Sep 2005 23:56

Port 20 is also needed for FTP; are you perhaps blocking it?
