iptables nat ftp
Есть сервер, 2 интерфейса один в инете другой в локальной сети Как настроить ftp доступ из локалки и чтобы он иог быть активным и пассивным вот мой iptables-save -с:
# Reviewer overview: iptables-save dump with packet/byte counters, covering the
# mangle, nat and filter tables of a two-interface host. From the rules below,
# eth1 looks like the LAN side (192.168.1.0/24) and eth0 the Internet side
# (SNAT to 80.82.42.42) -- confirm against the real topology.
# NOTE(review): loaded kernel modules are not part of iptables-save output.
# Active/passive FTP through stateful rules depends on the FTP conntrack helper
# (ip_conntrack_ftp, plus ip_nat_ftp when the session is NATed) so that data
# connections are classified RELATED; check with lsmod whether they are loaded.
# Generated by iptables-save v1.2.7a on Mon Dec 12 14:38:35 2005
*mangle
# mangle holds no rules; every chain keeps the ACCEPT policy.
:PREROUTING ACCEPT [4573646:1233798380]
:INPUT ACCEPT [4519762:1229909578]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5329462:2223246385]
:POSTROUTING ACCEPT [5331901:2223835243]
COMMIT
# Completed on Mon Dec 12 14:38:35 2005
# Generated by iptables-save v1.2.7a on Mon Dec 12 14:38:35 2005
*nat
:PREROUTING ACCEPT [102005:9592669]
:POSTROUTING ACCEPT [6336:618526]
:OUTPUT ACCEPT [124311:8518754]
# TCP/80 arriving on any ppp interface and not addressed to 80.82.42.40/29 is
# redirected to local port 3128 (presumably a transparent HTTP proxy).
[34754:1671884] -A PREROUTING -d ! 80.82.42.40/255.255.255.248 -i ppp+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Everything leaving via eth0 is source-NATed to 80.82.42.42. FTP carries
# addresses inside the control channel, so NATed FTP needs the NAT helper
# mentioned in the overview; SNAT alone does not rewrite them.
[118002:7901308] -A POSTROUTING -o eth0 -j SNAT --to-source 80.82.42.42
COMMIT
# Completed on Mon Dec 12 14:38:35 2005
# Generated by iptables-save v1.2.7a on Mon Dec 12 14:38:35 2005
*filter
# Default-deny on all three built-in chains; the user chains are declared below.
:INPUT DROP [12887:1467120]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:allowed - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_packets - [0:0]
:udp_packets - [0:0]
# --- INPUT: every TCP packet first passes the bad_tcp_packets sanity check.
[2838603:996179271] -A INPUT -p tcp -j bad_tcp_packets
[822527:91479334] -A INPUT -i lo -j ACCEPT
# Loopback addresses seen on a non-loopback interface are dropped (anti-spoofing).
[0:0] -A INPUT -s 127.0.0.0/255.0.0.0 -j DROP
[0:0] -A INPUT -d 127.0.0.0/255.0.0.0 -j DROP
# Packets arriving on eth0 that claim the host's own public address are dropped.
[1626:392572] -A INPUT -s 80.82.42.42 -i eth0 -j DROP
# NOTE(review): trust by source address only, on any interface, for all
# protocols and ports. Counter is zero; consider removing or binding to an
# interface and service.
[0:0] -A INPUT -s 80.82.32.48 -j ACCEPT
# NOTE(review): accepts everything from any ppp interface with no port or state
# restriction, so ppp peers reach every service listening on this host.
[1018021:130481125] -A INPUT -i ppp+ -j ACCEPT
# Stateful accept for the LAN address. With the FTP conntrack helper loaded,
# passive-mode data connections to a local FTP server would match RELATED here.
[1195672:175234711] -A INPUT -d 192.168.1.1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# DHCP requests (client port 68 to server port 67) and NetBIOS 137-139 on eth1.
[1436:475350] -A INPUT -i eth1 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
[66:3168] -A INPUT -i eth1 -p tcp -m tcp --dport 137:139 -j ACCEPT
[51631:6290153] -A INPUT -i eth1 -p udp -m udp --dport 137:139 -j ACCEPT
# LAN-sourced traffic on eth1 is dispatched to the per-protocol chains.
[7573:360394] -A INPUT -s 192.168.1.0/255.255.255.0 -i eth1 -p tcp -j tcp_packets
[5268:433204] -A INPUT -s 192.168.1.0/255.255.255.0 -i eth1 -p udp -j udp_packets
[69:4150] -A INPUT -s 192.168.1.0/255.255.255.0 -i eth1 -p icmp -j icmp_packets
# Stateful accept for the two public addresses.
[1363501:819919942] -A INPUT -d 80.82.42.42 -m state --state RELATED,ESTABLISHED -j ACCEPT
[33035:3068166] -A INPUT -d 80.82.42.43 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Internet-side traffic goes through the SAME per-protocol chains as the LAN,
# so every port opened in tcp_packets without a -s match is also open on eth0.
[15242:827856] -A INPUT -i eth0 -p tcp -j tcp_packets
[2857:845668] -A INPUT -i eth0 -p udp -j udp_packets
[942:77004] -A INPUT -i eth0 -p icmp -j icmp_packets
# Whatever falls through is logged, then dropped by the chain policy.
[12886:1467080] -A INPUT -j LOG --log-prefix "Blocked in INPUT chain: " --log-level 6
# --- FORWARD
[0:0] -A FORWARD -p tcp -j bad_tcp_packets
# NOTE(review): this DROP precedes the RELATED,ESTABLISHED rule, so nothing
# entering on eth1 is ever forwarded; only ppp+ traffic is routed. If LAN hosts
# on eth1 are meant to reach outside FTP servers through the SNAT rule, this is
# what blocks them. All FORWARD counters are zero -- confirm that forwarding is
# enabled and actually in use.
[0:0] -A FORWARD -i eth1 -j DROP
[0:0] -A FORWARD -i ppp+ -j ACCEPT
# Return traffic, and helper-tracked RELATED flows such as FTP data, are
# accepted here.
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -j LOG --log-prefix "Blocked in FORWARD chain: " --log-level 6
# --- OUTPUT: locally generated traffic is accepted when its source is one of
# the host's own addresses; anything else is logged and hits the DROP policy.
[807510:88472189] -A OUTPUT -s 127.0.0.1 -j ACCEPT
[1704570:1001725579] -A OUTPUT -s 192.168.1.1 -j ACCEPT
[1341839:230276547] -A OUTPUT -s 80.82.42.42 -j ACCEPT
[34866:15216549] -A OUTPUT -s 80.82.42.43 -j ACCEPT
[1440663:887550149] -A OUTPUT -s 192.168.25.1 -j ACCEPT
[0:0] -A OUTPUT -j LOG --log-prefix "Blocked in OUTPUT chain: " --log-level 6
# --- allowed: accepts a bare SYN (new connection) or an already tracked
# connection; any other TCP packet is logged and dropped.
[9256:493804] -A allowed -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
[4302:203314] -A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
[48:12910] -A allowed -p tcp -j LOG --log-prefix "Blocked in ALDW chain: " --log-level 6
[48:12910] -A allowed -p tcp -j DROP
# --- bad_tcp_packets: a SYN/ACK that conntrack sees as NEW is logged and
# answered with a TCP reset.
[52:2360] -A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j LOG --log-prefix "Blocked in BTP chain: " --log-level 7
[52:2360] -A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
# --- icmp_packets: only echo-request (8) and time-exceeded (11) are accepted.
[1008:80930] -A icmp_packets -p icmp -m icmp --icmp-type 8 -j ACCEPT
[2:112] -A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
[1:112] -A icmp_packets -p icmp -j LOG --log-prefix "Blocked in ICP chain: " --log-level 6
# --- tcp_packets: services reachable on the host itself.
# NOTE(review): FTP control (21) and SSH (22) carry no source or interface
# match, so they are open from eth0 as well as from the LAN. FTP is cleartext;
# if only LAN access is wanted, add a -s 192.168.1.0/24 match as the POP3
# rules below do.
[330:19608] -A tcp_packets -p tcp -m tcp --dport 21:22 -j allowed
[3139:210158] -A tcp_packets -p tcp -m tcp --dport 80 -j allowed
# NOTE(review): the proxy port 3128 has no source match either, so it is
# reachable from eth0 -- confirm the proxy enforces its own access control.
[186:8968] -A tcp_packets -p tcp -m tcp --dport 3128 -j allowed
# POP3 (110) is limited to listed source networks.
[0:0] -A tcp_packets -s 192.168.25.0/255.255.255.0 -p tcp -m tcp --dport 110 -j allowed
[4226:176165] -A tcp_packets -s 192.168.1.0/255.255.255.0 -p tcp -m tcp --dport 110 -j allowed
[1:48] -A tcp_packets -s 80.82.0.0/255.255.0.0 -p tcp -m tcp --dport 110 -j allowed
[8:384] -A tcp_packets -p tcp -m tcp --dport 143 -j allowed
[5484:283561] -A tcp_packets -p tcp -m tcp --dport 25 -j allowed
[7:336] -A tcp_packets -p tcp -m tcp --dport 53 -j allowed
# NOTE(review): the next two rules match on the SOURCE port, which the remote
# peer chooses, so they authorize nothing. Because `allowed` accepts new SYNs,
# the --sport 21 rule exposes every local TCP port (and --sport 53 every port
# above 1023) to a peer using that source port. Both counters are zero: reply
# traffic is already covered by the RELATED,ESTABLISHED rules, and active-mode
# FTP data arrives from port 20, not 21. Recommend deleting both and relying
# on connection tracking with the FTP helper.
[0:0] -A tcp_packets -p tcp -m tcp --sport 53 --dport 1024:65535 -j allowed
[0:0] -A tcp_packets -p tcp -m tcp --sport 21 -j allowed
# 1723 is the PPTP control port (presumably what brings up the ppp+ interfaces).
[225:10800] -A tcp_packets -p tcp -m tcp --dport 1723 -j allowed
[9209:478222] -A tcp_packets -p tcp -j LOG --log-prefix "Blocked in TP chain: " --log-level 6
# --- udp_packets
[4578:296608] -A udp_packets -p udp -m udp --dport 53 -j ACCEPT
# NOTE(review): same source-port weakness as above, for UDP: any datagram sent
# from port 53 reaches local UDP ports 1024-65535. DNS replies to the host's
# own queries should already match RELATED,ESTABLISHED.
[103:7362] -A udp_packets -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
[3444:974902] -A udp_packets -p udp -j LOG --log-prefix "Blocked in UP chain: " --log-level 6
COMMIT
# Completed on Mon Dec 12 14:38:35 2005
может тут что подправить?