Allowing active and passive FTP with iptables
To allow active and passive FTP from a LAN, add the following rules:
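# Load the FTP connection-tracking helper: it parses PORT/PASV on the control
# connection so that the data connections are classified as RELATED.
# On current kernels the module is nf_conntrack_ftp (ip_conntrack_ftp remains
# as an alias). Since Linux 4.7 helpers are not assigned automatically by
# default; there the helper must also be attached to port 21 traffic with a
# CT --helper ftp rule in the raw table.
modprobe ip_conntrack_ftp
# ------------------------------------------------------------------
# FTP client (21 20 + passive)
# ------------------
# Allow ftp outbound (control connection).
$IPTABLES -A FORWARD \
    -p tcp \
    -i $LAN0_IF -s $LAN0_NET --sport $UNPRIVPORTS \
    -o $WAN0_IF --dport 21 \
    -m state --state NEW,ESTABLISHED -j ACCEPT
# Replies on the control connection. None of the rules below match --sport 21,
# so this is needed unless the script accepts ESTABLISHED traffic elsewhere.
$IPTABLES -A FORWARD \
    -p tcp \
    -i $WAN0_IF --sport 21 \
    -o $LAN0_IF -d $LAN0_NET --dport $UNPRIVPORTS \
    -m state --state ESTABLISHED -j ACCEPT
# 1) Active ftp: the server opens the data connection from port 20
#    (RELATED thanks to the helper).
$IPTABLES -A FORWARD \
    -p tcp \
    -i $WAN0_IF --sport 20 \
    -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD \
    -p tcp \
    -o $WAN0_IF --dport 20 \
    -m state --state ESTABLISHED -j ACCEPT
# 2) Passive ftp: the client opens the data connection to an unprivileged
#    server port (RELATED thanks to the helper).
$IPTABLES -A FORWARD \
    -p tcp \
    -i $WAN0_IF --sport $UNPRIVPORTS \
    --dport $UNPRIVPORTS \
    -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD \
    -p tcp \
    -i $LAN0_IF --sport $UNPRIVPORTS \
    -o $WAN0_IF --dport $UNPRIVPORTS \
    -m state --state ESTABLISHED,RELATED -j ACCEPT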
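Added example, not part of the original page: a shell function that audits `iptables -S` output for FTP data-path ACCEPT rules that lack a state match or admit NEW, either of which defeats the stateful design of the rules above. The sample ruleset, the interface names and the 1024:65535 value for $UNPRIVPORTS are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.

# Constructed sample in `iptables -S` format (eth0 = WAN, eth1 = LAN,
# 1024:65535 assumed for $UNPRIVPORTS).
sample_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --sport 20 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --sport 20 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
EOF
}

# Reads `iptables -S` output on stdin and reports FORWARD ACCEPT rules on the
# FTP data path (port 20, or high port to high port) that have no state match
# or that admit NEW. With the conntrack helper loaded, data connections only
# ever need ESTABLISHED and RELATED.
audit_ftp_rules() {
    awk '
    $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ {
        sport = ""; dport = ""; state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--sport") sport = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        }
        # Data path: active (port 20) or passive (unprivileged to unprivileged).
        data = (sport == "20" || dport == "20" || (sport ~ /^1024:/ && dport ~ /^1024:/))
        if (!data) next
        if (state == "")
            printf "line %d: stateless ACCEPT on FTP data path\n", NR
        else if (("," state ",") ~ /,NEW,/)
            printf "line %d: NEW allowed on FTP data path\n", NR
    }'
}

# Run the audit over the constructed sample.
sample_rules | audit_ftp_rules
```

On a live firewall the same function can be fed with `iptables -S FORWARD | audit_ftp_rules`.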