
iptables script won't let FTP traffic through

Asked by adamshields in Linux Network Security

Tags: accept, inetin, iptables

I have no idea what I'm missing; everything works fine except FTP, whether it's Explorer or an FTP client.

# Generated by iptables-save v1.2.8 on Tue Jun 14 00:12:20 2005
*filter
:INPUT DROP [26:1940]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [16:4188]
:DMZIN - [0:0]
:DMZOUT - [0:0]
:INETIN - [0:0]
:INETOUT - [0:0]
:LDROP - [0:0]
:LREJECT - [0:0]
:LTREJECT - [0:0]
:TCPACCEPT - [0:0]
:TREJECT - [0:0]
:UDPACCEPT - [0:0]
:ULDROP - [0:0]
:ULREJECT - [0:0]
:ULTREJECT - [0:0]
-A INPUT -i eth1 -j INETIN
-A INPUT -s 192.168.0.0/255.255.255.0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j INETIN
-A FORWARD -i eth0 -o eth1 -j INETOUT
-A FORWARD -s 192.168.0.0/255.255.255.0 -i ! eth1 -o ! eth1 -j ACCEPT
-A OUTPUT -o eth1 -j INETOUT
-A INETIN -m state --state INVALID -j DROP
-A INETIN -p icmp -m icmp --icmp-type 5 -j TREJECT
-A INETIN -p icmp -m icmp --icmp-type 9 -j TREJECT
-A INETIN -p icmp -m icmp --icmp-type 10 -j TREJECT
-A INETIN -p icmp -m icmp --icmp-type 15 -j TREJECT
-A INETIN -p icmp -m icmp --icmp-type 16 -j TREJECT
-A INETIN -p icmp -m icmp --icmp-type 17 -j TREJECT
-A INETIN -p icmp -m icmp --icmp-type 18 -j TREJECT
-A INETIN -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INETIN -p icmp -m icmp --icmp-type 8 -j TREJECT
-A INETIN -p icmp -m icmp ! --icmp-type 8 -j ACCEPT
-A INETIN -p tcp -m tcp --dport 20 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 21 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 22 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 25 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 53 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 80 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 110 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 139 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 143 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 445 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 465 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 587 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 873 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 953 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 993 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 2401 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 2402 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 3128 -j TCPACCEPT
-A INETIN -p tcp -m tcp --dport 10000 -j TCPACCEPT
-A INETIN -p udp -m udp --dport 20 -j UDPACCEPT
-A INETIN -p udp -m udp --dport 21 -j UDPACCEPT
-A INETIN -p udp -m udp --dport 53 -j UDPACCEPT
-A INETIN -p udp -m udp --dport 137 -j UDPACCEPT
-A INETIN -p udp -m udp --dport 138 -j UDPACCEPT
-A INETIN -m state --state ESTABLISHED -j ACCEPT
-A INETIN -p tcp -m tcp --dport 1024:65535 -m state --state RELATED -j TCPACCEPT
-A INETIN -p udp -m udp --dport 1024:65535 -m state --state RELATED -j UDPACCEPT
-A INETIN -j TREJECT
-A INETOUT -j ACCEPT
-A LDROP -p tcp -m limit --limit 2/sec -j LOG --log-prefix "TCP Dropped " --log-level info
-A LDROP -p udp -m limit --limit 2/sec -j LOG --log-prefix "UDP Dropped " --log-level info
-A LDROP -p icmp -m limit --limit 2/sec -j LOG --log-prefix "ICMP Dropped " --log-level info
-A LDROP -f -m limit --limit 2/sec -j LOG --log-prefix "FRAGMENT Dropped "
-A LDROP -j DROP
-A LREJECT -p tcp -m limit --limit 2/sec -j LOG --log-prefix "TCP Rejected " --log-level info
-A LREJECT -p udp -m limit --limit 2/sec -j LOG --log-prefix "UDP Rejected " --log-level info
-A LREJECT -p icmp -m limit --limit 2/sec -j LOG --log-prefix "ICMP Rejected " --log-level info
-A LREJECT -f -m limit --limit 2/sec -j LOG --log-prefix "FRAGMENT Rejected "
-A LREJECT -j REJECT --reject-with icmp-port-unreachable
-A LTREJECT -p tcp -m limit --limit 2/sec -j LOG --log-prefix "TCP Rejected " --log-level info
-A LTREJECT -p udp -m limit --limit 2/sec -j LOG --log-prefix "UDP Rejected " --log-level info
-A LTREJECT -p icmp -m limit --limit 2/sec -j LOG --log-prefix "ICMP Rejected " --log-level info
-A LTREJECT -f -m limit --limit 2/sec -j LOG --log-prefix "FRAGMENT Rejected "
-A LTREJECT -j TREJECT
-A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 30/sec -j ACCEPT
-A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 2/sec -j LOG --log-prefix "Possible SynFlood "
-A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j TREJECT
-A TCPACCEPT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A TCPACCEPT -m limit --limit 2/sec -j LOG --log-prefix "Mismatch in TCPACCEPT "
-A TCPACCEPT -j TREJECT
-A TREJECT -p tcp -j REJECT --reject-with tcp-reset
-A TREJECT -p udp -j REJECT --reject-with icmp-port-unreachable
-A TREJECT -p icmp -j DROP
-A TREJECT -j REJECT --reject-with icmp-port-unreachable
-A UDPACCEPT -p udp -j ACCEPT
-A UDPACCEPT -m limit --limit 2/sec -j LOG --log-prefix "Mismatch on UDPACCEPT "
-A UDPACCEPT -j TREJECT
-A ULDROP -p tcp -m limit --limit 2/sec -j ULOG --ulog-prefix "LDROP_TCP"
-A ULDROP -p udp -m limit --limit 2/sec -j ULOG --ulog-prefix "LDROP_UDP"
-A ULDROP -p icmp -m limit --limit 2/sec -j ULOG --ulog-prefix "LDROP_ICMP"
-A ULDROP -f -m limit --limit 2/sec -j ULOG --ulog-prefix "LDROP_FRAG"
-A ULDROP -j DROP
-A ULREJECT -p tcp -m limit --limit 2/sec -j ULOG --ulog-prefix "LREJECT_TCP"
-A ULREJECT -p udp -m limit --limit 2/sec -j ULOG --ulog-prefix "LREJECT_UDP"
-A ULREJECT -p icmp -m limit --limit 2/sec -j ULOG --ulog-prefix "LREJECT_ICMP"
-A ULREJECT -f -m limit --limit 2/sec -j ULOG --ulog-prefix "LREJECT_FRAG"
-A ULREJECT -j REJECT --reject-with icmp-port-unreachable
-A ULTREJECT -p tcp -m limit --limit 2/sec -j ULOG --ulog-prefix "LTREJECT_TCP"
-A ULTREJECT -p udp -m limit --limit 2/sec -j ULOG --ulog-prefix "LTREJECT_UDP"
-A ULTREJECT -p icmp -m limit --limit 2/sec -j ULOG --ulog-prefix "LTREJECT_ICMP"
-A ULTREJECT -f -m limit --limit 2/sec -j ULOG --ulog-prefix "LTREJECT_FRAG"
-A ULTREJECT -p tcp -j REJECT --reject-with tcp-reset
-A ULTREJECT -p udp -j REJECT --reject-with icmp-port-unreachable
-A ULTREJECT -p icmp -j DROP
-A ULTREJECT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue Jun 14 00:12:20 2005
# Generated by iptables-save v1.2.8 on Tue Jun 14 00:12:20 2005
*nat
:PREROUTING ACCEPT [56:3174]
:POSTROUTING ACCEPT [7:600]
:OUTPUT ACCEPT [5:520]
COMMIT
# Completed on Tue Jun 14 00:12:20 2005
# Generated by iptables-save v1.2.8 on Tue Jun 14 00:12:20 2005
*mangle
:PREROUTING ACCEPT [623:74973]
:INPUT ACCEPT [1200:139905]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [626:294533]
:POSTROUTING ACCEPT [1312:340402]
COMMIT
# Completed on Tue Jun 14 00:12:20 2005
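Added example, not part of the question and not taken from any of the answers on this page (which are not visible here): a small Python walker that parses an iptables-save dump and reports which terminal target a described packet reaches. RULESET embeds a subset of the asker's own filter table (the INPUT entry rule, INETIN, TCPACCEPT and TREJECT); the packet descriptions in the usage note are constructed, and rules carrying '-m limit' are assumed to be under their rate. Tracing an inbound SYN to a high port shows what the '--dport 1024:65535 -m state --state RELATED' rule depends on: the packet only takes that path if connection tracking has already classified it as RELATED, which for FTP data connections requires the FTP connection-tracking helper (ip_conntrack_ftp on 2.4 and early 2.6 kernels, nf_conntrack_ftp later); without it the same SYN is NEW and falls through to TREJECT.

```python
# Added example: walk an iptables-save filter table and report the verdict a packet gets.
# RULESET is a SUBSET of the filter table posted in the question (INPUT entry rule, INETIN,
# TCPACCEPT, TREJECT); '-m limit' rules are assumed not to exceed their rate.
import shlex

RULESET = """\
:INPUT DROP [0:0]
:INETIN - [0:0]
:TCPACCEPT - [0:0]
:TREJECT - [0:0]
-A INPUT -i eth1 -j INETIN
-A INETIN -m state --state INVALID -j DROP
-A INETIN -p tcp -m tcp --dport 21 -j TCPACCEPT
-A INETIN -m state --state ESTABLISHED -j ACCEPT
-A INETIN -p tcp -m tcp --dport 1024:65535 -m state --state RELATED -j TCPACCEPT
-A INETIN -j TREJECT
-A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 30/sec -j ACCEPT
-A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 2/sec -j LOG --log-prefix "Possible SynFlood "
-A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j TREJECT
-A TCPACCEPT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A TCPACCEPT -j TREJECT
-A TREJECT -p tcp -j REJECT --reject-with tcp-reset
-A TREJECT -p udp -j REJECT --reject-with icmp-port-unreachable
"""

# option -> number of value tokens it takes; SKIP_OPTS are consumed but never decide a match
MATCH_OPTS = {"-i": 1, "-p": 1, "--dport": 1, "--state": 1, "--tcp-flags": 2}
SKIP_OPTS = {"-m": 1, "--limit": 1, "--log-prefix": 1, "--log-level": 1}
NON_TERMINATING = {"LOG", "ULOG"}

def parse_rule(toks):
    """Tokens after '-A CHAIN' -> {'matches': [(negated, opt, values)], 'target', 'reject_with'}."""
    rule = {"matches": [], "target": None, "reject_with": None}
    i = 0
    while i < len(toks):
        neg = toks[i] == "!"                        # e.g. '! --tcp-flags SYN,RST,ACK SYN'
        i += int(neg)
        opt, n = toks[i], MATCH_OPTS.get(toks[i], SKIP_OPTS.get(toks[i], 1))
        vals = toks[i + 1:i + 1 + n]
        if opt in MATCH_OPTS:
            rule["matches"].append((neg, opt, vals))
        elif opt == "-j":
            rule["target"] = vals[0]
        elif opt == "--reject-with":
            rule["reject_with"] = vals[0]
        elif opt not in SKIP_OPTS:
            raise ValueError(f"unhandled option {opt}")
        i += 1 + n
    return rule

def parse_ruleset(text):
    """iptables-save lines -> {chain: {'policy': str | None, 'rules': [...]}}."""
    chains = {}
    for line in text.splitlines():
        if line.startswith(":"):                    # ':NAME POLICY [pkts:bytes]'
            name, policy, _ = line[1:].split()
            chains[name] = {"policy": None if policy == "-" else policy, "rules": []}
        elif line.startswith("-A "):
            toks = shlex.split(line)                # keeps the quoted log prefix as one token
            chains[toks[1]]["rules"].append(parse_rule(toks[2:]))
    return chains

def rule_matches(rule, pkt):
    """True if every (possibly negated) match in the rule agrees with the packet dict."""
    for neg, opt, vals in rule["matches"]:
        if opt == "-i":
            hit = pkt["iface_in"] == vals[0]
        elif opt == "-p":
            hit = pkt["proto"] == vals[0]
        elif opt == "--dport":                      # single port or 'lo:hi' range
            lo, _, hi = vals[0].partition(":")
            hit = int(lo) <= pkt["dport"] <= int(hi or lo)
        elif opt == "--state":
            hit = pkt["state"] in vals[0].split(",")
        else:                                       # --tcp-flags MASK COMP: flags in MASK must equal COMP
            mask, comp = (set(v.split(",")) for v in vals)
            hit = set(pkt.get("flags", ())) & mask == comp
        if hit == neg:
            return False
    return True

def verdict(chains, chain, pkt):
    """Walk `chain` for `pkt`: 'ACCEPT', 'DROP', 'REJECT(<type>)', or the chain's policy."""
    for rule in chains[chain]["rules"]:
        if not rule_matches(rule, pkt):
            continue
        target = rule["target"]
        if target in NON_TERMINATING:               # LOG/ULOG record the packet and keep walking
            continue
        if target in chains:                        # jump into a user-defined chain
            sub = verdict(chains, target, pkt)
            if sub != "RETURN":
                return sub
            continue                                # sub-chain fell off its end: resume here
        return f"REJECT({rule['reject_with']})" if target == "REJECT" else target
    return chains[chain]["policy"] or "RETURN"      # built-in chain: policy; user chain: RETURN

def inbound_verdict(pkt, ruleset=RULESET):
    # Verdict for a packet arriving at this host, i.e. entering the INPUT chain
    return verdict(parse_ruleset(ruleset), "INPUT", pkt)
```

Usage: inbound_verdict({"iface_in": "eth1", "proto": "tcp", "dport": 50000, "state": "NEW", "flags": ("SYN",)}) returns REJECT(tcp-reset), while the same packet with "state": "RELATED" returns ACCEPT and one to port 21 returns ACCEPT in either state. The packet dictionaries are constructed inputs standing in for what conntrack would report; the walker deliberately ignores rate limits and the nat/mangle tables, so it answers "which rule decides this packet" rather than replacing a packet capture on the firewall.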

06/13/05 09:23 PM, ID: 14208771 Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
06/15/05 02:41 AM, ID: 14219140 Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
06/15/05 12:30 PM, ID: 14224990 Expert Comment
06/17/05 03:52 AM, ID: 14239275 Expert Comment
06/17/05 03:54 AM, ID: 14239291 Expert Comment
06/17/05 09:08 AM, ID: 14242412 Expert Comment
06/17/05 08:05 PM, ID: 14246844 Expert Comment
06/20/05 07:47 AM, ID: 14257161 Author Comment
06/20/05 08:02 AM, ID: 14257294 Expert Comment
07/03/05 02:19 PM, ID: 14358900 Expert Comment
07/03/05 11:48 PM, ID: 14360261 Expert Comment
07/18/05 07:03 AM, ID: 14466209 Author Comment
07/18/05 07:18 AM, ID: 14466362 Expert Comment
07/20/05 08:30 AM, ID: 14485705 Author Comment
07/21/05 12:16 AM, ID: 14491804 Expert Comment
07/21/05 11:13 AM, ID: 14495621 Author Comment
07/21/05 11:09 PM, ID: 14500035 Expert Comment
07/22/05 08:17 AM, ID: 14503409 Author Comment
07/22/05 08:49 AM, ID: 14503804 Expert Comment

07/24/05 11:23 PM, ID: 14516211 Accepted Solution

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

About this solution

Zone: Linux Network Security
Tags: accept, inetin, iptables
Solution Provided By: XoF
Participating Experts: 7
Solution Grade: A