Consentire l'FTP attivo e passivo con iptables: Difference between revisions

Latest revision as of 11:41, 30 April 2008

FTP Server

Nel caso si hosti un server FTP in una Lan e lo si voglia rendere accessibile tramite nat:

Caricare il modulo IMPORTANTE

modprobe ip_nat_ftp

Fare i port mapping necessari

Aprire le porte come indicato dal documento Active FTP vs. Passive FTP, a Definitive Explanation

FTP Client

Per consentire l'FTP client attivo e passivo da una Lan,

Caricare il modulo

modprobe ip_conntrack_ftp

Inserire le seguenti regole:



        # ------------------------------------------------------------------
        # FTP client (21 20 + passive)
        # ------------------

        # Allow ftp outbound.
        $IPTABLES -A FORWARD \
                 -p tcp \
                 -i $LAN0_IF -s $LAN0_NET --sport $UNPRIVPORTS \
                 -o $WAN0_IF --dport 21 \
                 -m state --state NEW,ESTABLISHED -j ACCEPT

        # 1) Active ftp.
        $IPTABLES -A FORWARD  \
                  -p tcp \
                  -i $WAN0_IF --sport 20 \
                  -m state --state ESTABLISHED,RELATED -j ACCEPT

        $IPTABLES -A FORWARD \
                  -p tcp \
                  -o $WAN0_IF --dport 20 \
                  -m state --state ESTABLISHED -j ACCEPT

        # 2) Passive ftp.
        $IPTABLES -A FORWARD  \
                  -p tcp \
                  -i $WAN0_IF --sport $UNPRIVPORTS \
                  --dport $UNPRIVPORTS \
                  -m state --state ESTABLISHED -j ACCEPT

        $IPTABLES -A FORWARD \
                  -p tcp \
                  -i $LAN0_IF --sport $UNPRIVPORTS \
                  -o $WAN0_IF --dport $UNPRIVPORTS \
                  -m state --state ESTABLISHED,RELATED -j ACCEPT

@@ Line 1: / Line 1: @@
-Per consentire l'FTP attivo e passivo da una Lan, inserire le seguenti regole:
+== FTP Server ==
+Nel caso si hosti un server FTP in una Lan e lo si voglia rendere accessibile tramite nat:
+* Caricare il modulo IMPORTANTE
+ modprobe ip_nat_ftp
+* Fare i port mapping necessari
+* Aprire le porte come indicato dal documento ''[http://www.slacksite.com/other/ftp.html Active FTP vs. Passive FTP, a Definitive Explanation]''
+== FTP Client ==
+Per consentire l'FTP client attivo e passivo da una Lan,
+* Caricare il modulo
+ modprobe ip_conntrack_ftp
+* Inserire le seguenti regole:
 <pre>
-modprobe ip_conntrack_ftp
          # ------------------------------------------------------------------
@@ Line 41: / Line 58: @@
 == Riferimenti ==
-*[http://www.sns.ias.edu/~jns/files/iptables_ruleset James Stephens » Iptables - Example Firewall Rulesets:]
+*[http://www.linuxquestions.org/questions/linux-networking-3/dnating-ftp-server-with-iptables-584049/  DNATing ftp server with iptables - LinuxQuestions.org]
+*[http://www.slacksite.com/other/ftp.html Active FTP vs. Passive FTP, a Definitive Explanation]
+*[http://www.sns.ias.edu/~jns/files/iptables_ruleset James Stephens » Iptables - Example Firewall Rulesets]

Consentire l'FTP attivo e passivo con iptables: Difference between revisions

Latest revision as of 11:41, 30 April 2008

FTP Server

FTP Client

Riferimenti

Navigation menu

Search