Solved
Linux IPTABLES Firewall + FTP + Directory Listing Error
Posted on 2004-08-12
Well, I have written my own firewall script, and it seems to work quite good. It is quit a good firewall, used all securtity scans against it, and it works like a charm. Exept one thing. When I try, from a client behind my firewall, to connect to a FTP server I usually get the following error:
Directory Listing Error...
Any solution ?
Here is my firewall script:
#!/bin/bash
IPTABLES="/sbin/iptables"
#Flush all tables
echo
echo -n "Loading ICARUS Firewall"
echo
echo -n "Copyright: Yves Gijbels under GP Licence"
echo
echo -n "Using: "
${IPTABLES} -V
echo
echo
echo -n "Flushing all rules ............................. "
${IPTABLES} -F INPUT
${IPTABLES} -F OUTPUT
${IPTABLES} -F FORWARD
${IPTABLES} -t nat -F PREROUTING
${IPTABLES} -t nat -F OUTPUT
${IPTABLES} -t nat -F POSTROUTING
${IPTABLES} -t mangle -F PREROUTING
${IPTABLES} -t mangle -F OUTPUT
${IPTABLES} -X
${IPTABLES} -t nat -X
${IPTABLES} -t mangle -X
${IPTABLES} -t filter -X
echo "DONE"
echo
echo -n "Turn on IP Forwarding .......................... "
echo 1 > /proc/sys/net/ipv4/ip_forward
echo -n "DONE"
echo
echo -n "Turn on DHCP Support ........................... "
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo -n "DONE"
echo
echo
echo -n "Opening ports 50021 50022 50080 ................ "
${IPTABLES} -A INPUT -p tcp --dport 50021 -j ACCEPT
${IPTABLES} -A INPUT -p tcp --dport 50022 -j ACCEPT
${IPTABLES} -A INPUT -p tcp --dport 50080 -j ACCEPT
echo -n "DONE"
echo
echo -n "Masquerade internal clients to the Internet .... "
${IPTABLES} -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPTABLES} -A FORWARD -i eth1 -o eth0 -j ACCEPT
${IPTABLES} -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo -n "DONE"
echo
echo
echo -n "Setting Default Policies ....................... "
${IPTABLES} -P INPUT DROP
${IPTABLES} -A INPUT -i eth1 -j ACCEPT
${IPTABLES} -P OUTPUT ACCEPT
${IPTABLES} -P FORWARD ACCEPT
echo -n "DONE"
echo
echo
echo -n "Forwarding traffic to internal servers"
echo
echo -n "Forwarding VPN ................................. "
${IPTABLES} -t nat -A PREROUTING -i eth0 -p tcp --dport 1723 -j DNAT --to-destination 10.0.0.2:1723
${IPTABLES} -t nat -A PREROUTING -i eth0 -p gre -j DNAT --to 10.0.0.2
${IPTABLES} -A FORWARD -p tcp -i eth0 -d 10.0.0.2 --dport 1723 -j ACCEPT
echo -n "DONE"
echo
echo
echo -n "Enable Security ................................ "
${IPTABLES} -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
${IPTABLES} -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP
${IPTABLES} -A INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
${IPTABLES} -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP
${IPTABLES} -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
${IPTABLES} -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
${IPTABLES} -A INPUT -i eth0 -p icmp -j DROP
${IPTABLES} -A INPUT -i eth0 -p udp --sport 137 --dport 137 -j DROP
echo -n "DONE"
echo
echo
echo -n "Done loading the firewall!"
echo
echo