Configuring iptables to allow passive-mode FTP
Source: Internet   Published: 2015-11-15
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Allow inner Network access
iptables -A INPUT -i ! eth0 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport ${Port} -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport ${Port} -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
After all of the above commands have run successfully, I log in to the server with an FTP client:
2006-3-20 14:57:01.140 331 Password required for oracle.
2006-3-20 14:57:01.140 PASS ********
2006-3-20 14:57:01.390 230 User oracle logged in.
2006-3-20 14:57:01.390 登录成功
2006-3-20 14:57:01.390 PWD
2006-3-20 14:57:01.421 257 "/" is current directory.
2006-3-20 14:57:01.421 CWD /
2006-3-20 14:57:01.453 250 CWD command successful.
2006-3-20 14:57:01.468 PWD
2006-3-20 14:57:01.500 257 "/" is current directory.
2006-3-20 14:57:01.500 PASV
2006-3-20 14:57:01.531 227 Entering Passive Mode (210,192,122,119,136,162).
2006-3-20 14:57:01.546 正在连接 210.192.122.119:34978
Connection timed out.
How should I configure iptables so that FTP works properly?
|
Try:
# control channel
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
# data channel
iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
|
# $FW_IP is the firewall's own address. This matches non-SYN packets arriving on eth0
# from a remote FTP server's control port (21) to a local unprivileged port, i.e. the
# return half of a control connection this host opened. "0/0" replaces the "any/0"
# spelling, which iptables does not recognise as an address.
iptables -A INPUT -i eth0 -p tcp ! --syn -s 0/0 --sport 21 -d $FW_IP --dport 1024:65535 -j ACCEPT
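An added example that is not part of the original question or either answer, tying the two answers together for the server side of the question. It emits a complete rule set in iptables-restore format, attaches the kernel FTP connection-tracking helper to the control connection explicitly (so the client's data-channel SYN is classified RELATED and admitted by the generic ESTABLISHED,RELATED rule, which is why the first answer's data-channel rule works only when that helper is active), and includes a parser for the "227 Entering Passive Mode" reply so you can check whether the port the server announces lies inside the range the firewall opens. The interface name, the passive port range 50000-50100 and the use of nf_conntrack_ftp with the CT target are assumptions; the FTP daemon on the server has to be configured to use that same range.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions: the FTP daemon
# hands out passive ports in PASV_MIN..PASV_MAX (illustrative values), eth0
# faces the clients, and the kernel provides nf_conntrack_ftp.

PASV_MIN=50000
PASV_MAX=50100

# Parse a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)." reply and print
# the data endpoint as host:port, where port = p1*256 + p2.
# Returns 1 when the line is not a well-formed 227 reply.
pasv_to_hostport() {
    line=$1
    inner=$(printf '%s\n' "$line" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
    [ -n "$inner" ] || return 1
    set -- $(printf '%s\n' "$inner" | tr ',' ' ')
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        [ "$n" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s:%d\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# Succeeds only if the port of a host:port endpoint lies inside the range
# the firewall opens; the 34978 from the question fails against this range.
pasv_port_allowed() {
    port=${1##*:}
    [ "$port" -ge "$PASV_MIN" ] && [ "$port" -le "$PASV_MAX" ]
}

# Emit the server-side rule set in iptables-restore format for interface
# $1 (default eth0). The raw-table CT rule assigns the ftp helper to the
# control connection explicitly, which newer kernels require because
# automatic helper assignment is off by default; the helper reads the 227
# reply and marks the client's data SYN as RELATED. The explicit port-range
# rule is the fallback when the helper is not loaded, and it is far
# narrower than opening every port from 1024 upwards.
pasv_ftp_rules() {
    ifc=${1:-eth0}
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i $ifc -p tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $ifc -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $ifc -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $ifc -p tcp --dport $PASV_MIN:$PASV_MAX -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the 227 reply from the client log in the question.
SAMPLE='227 Entering Passive Mode (210,192,122,119,136,162).'
ep=$(pasv_to_hostport "$SAMPLE")
if pasv_port_allowed "$ep"; then
    echo "$ep is inside the passive range $PASV_MIN-$PASV_MAX"
else
    echo "$ep is outside $PASV_MIN-$PASV_MAX: the data SYN is dropped unless the ftp helper marks it RELATED"
fi
# To load on the server: modprobe nf_conntrack_ftp && pasv_ftp_rules eth0 | iptables-restore
```

Run the script once to see the parsed endpoint from the question's log, then review `pasv_ftp_rules eth0` before loading it. The first answer's `--sport 1024: --dport 1024:` rule accepts only ESTABLISHED,RELATED packets, and the client's first packet to the passive port is a fresh SYN, so that rule admits it only when the helper has created the expectation; if the data connection still times out, check that the helper is attached (`conntrack -L` shows `helper=ftp` on the control connection) and that the daemon's configured passive range matches the one in the rules.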