FTP and Firewall difficulties (SEC: UNCLASSIFIED)

Lisman, FLGOFF Jarrad Jarrad.Lisman at defence.gov.au
Fri Jul 19 08:49:26 EST 2002

Hi, I am trying to set up a firewall on Mandrake 8.2 using iptables. I have
a whole bunch of private systems that I am doing SNATing on through the
firewall for the 6 IP addresses that I have. I have no servers on the inside,
so I blocked all incoming traffic initially. I soon discovered that, of
course, an active ftp transfer will not work. I then allowed the control port
to be forwarded (20), but this caused an issue in that, because it is SNATing,
the firewall does not know where to send the connection initiated by the ftp
server I am trying to reach. I thought maybe that the module
ip_conntrack_ftp would fix this, but after insmoding it, it appears to not do
much at all. I then changed the SNATing to only do one address instead of
the 6 I have, and I seem to kind of get through to the server except for an
illegal port command error that pops up every time I try to access something.
I also noted that before I changed from the 6 IPs to the 1, at one
particular site I was getting an auth (port 113) request dropped.

My config is as follows:

iptables -t nat -A SOURCE -j SNAT --to-source $IPMIN-$IPMAX
(Where IPMin and max is my IP range)
or iptables -t nat -A SOURCE -j SNAT --to-source $MYIP
(Where myip is the selected ip)
iptables -A OUTFORWARD -p tcp --sport 20 --dport $UNPRIVPORTS -j ACCEPT

Can anyone see where my problem is, and does anyone know what auth is and
what it has to do with my ftping?
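An added example, not the poster's configuration, showing the two pieces the post is missing on a 2.4-era kernel such as Mandrake 8.2: the ip_nat_ftp module beside ip_conntrack_ftp (the conntrack helper alone only watches the control channel; the NAT helper rewrites the PORT command and maps the server's data connection back to the inside client), and a state-matching FORWARD rule that admits the RELATED data connection instead of a static hole for source port 20. It also answers the auth question by rejecting ident (TCP/113) probes with a reset so the remote ftp server does not wait out its lookup. The interface name, inside network and public range are assumed placeholders; set IPT=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example; assumed values (documentation addresses), not the poster's.
IPT="${IPT:-iptables}"          # set IPT=echo for a dry run
EXT_IF="${EXT_IF:-eth0}"        # assumed outside interface
LAN="${LAN:-192.168.1.0/24}"    # assumed inside network
IPMIN="${IPMIN:-203.0.113.10}"  # assumed public range (constructed)
IPMAX="${IPMAX:-203.0.113.15}"

# ip_conntrack_ftp only tracks the control channel; ip_nat_ftp is what
# rewrites the private address in PORT and NATs the data channel back.
load_ftp_helpers() {
    modprobe ip_conntrack_ftp
    modprobe ip_nat_ftp
}

# Weak setting from the post: a static hole for server port 20. It lets
# any outside host reach inside unprivileged ports, and the SNAT engine
# still cannot tell which inside client a given data connection belongs to.
weak_rules() {
    $IPT -A FORWARD -i "$EXT_IF" -p tcp --sport 20 --dport 1024:65535 -j ACCEPT
}

# Corrected setting: track state, admit only replies and RELATED data
# connections (marked by the helper), drop every other new inbound flow.
hardened_rules() {
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN" \
        -j SNAT --to-source "$IPMIN-$IPMAX"
    $IPT -A FORWARD -i "$EXT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -m state --state NEW -j DROP
    $IPT -A FORWARD -o "$EXT_IF" -s "$LAN" -m state --state NEW -j ACCEPT
    # ident/auth (TCP/113): answer with a reset rather than a silent drop so
    # the remote ftp server's lookup fails fast instead of timing out.
    $IPT -A INPUT -i "$EXT_IF" -p tcp --dport 113 -j REJECT --reject-with tcp-reset
}

# Only touch the live firewall when explicitly asked: ./ftp-nat.sh apply
if [ "$1" = "apply" ]; then
    load_ftp_helpers
    hardened_rules
fi
```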



