Iptables help
I'm trying to set up iptables on this linux machine, and all I want allowed are ftp and www. So I should allow only ports 21 and 80, right? Well, why doesn't this work:
Before I block any ports, I can ftp in to localhost and I can connect to localhost in a web browser just fine.
but after I run these iptables commands:
#iptables -A INPUT -p TCP --sport 0:20 -j DROP
#iptables -A INPUT -p TCP --sport 22:79 -j DROP
#iptables -A INPUT -p TCP --sport 81:65535 -j DROP
I cannot ftp in or connect to localhost in a web browser. I supposedly left ports 21 (ftp) and 80 (www) open, I assume, so why can't I get in? I can FTP in and WWW in up until the point I block ports 81-65535.
I also noticed that I can't get anything out. Did I block a network port or something? What am I doing wrong?
Your FTP and HTTP servers might be using higher ports (i.e. 4000-4100) to perform other actions with the client. Check the documentation for your respective servers.
MatrixCubed
http://MatrixCubed.cjb.net
You blocked the wrong end of the connection (sport is 'source' port, not 'server' port). Use --dport instead.
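To make the "wrong end of the connection" point concrete, here is an added example (not from either reply above) that simulates iptables' first-match walk of the INPUT chain in plain sh, without touching the real firewall. It runs the original poster's --sport rules and a corrected --dport rule set over a few constructed packets: a browser's SYN arriving from an ephemeral client port, the reply to an outbound connection the server opened itself, and a passive-mode FTP data connection. The sample port numbers (50000, 50001, 4000) and the assumption that the kernel's FTP connection-tracking helper (nf_conntrack_ftp) marks the data connection RELATED are mine; the simulator models only port and state matches, not interfaces.

```shell
#!/bin/sh
# Added example: simulate first-match evaluation of an iptables INPUT chain
# to show why matching on --sport drops legitimate traffic and --dport does
# not. Nothing here calls iptables; it is a model of the rule semantics.

# in_range PORT RANGE: true if PORT lies inside RANGE ("80" or "81:65535").
in_range() {
    port=$1; range=$2
    case "$range" in
        *:*) lo=${range%%:*}; hi=${range##*:} ;;
        *)   lo=$range; hi=$range ;;
    esac
    [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]
}

# The original poster's chain: matches on the SOURCE port of arriving packets.
# Chain policy is left at ACCEPT, so a packet no rule matches is accepted.
sport_rules() {
    printf '%s\n' \
        'sport 0:20 DROP' \
        'sport 22:79 DROP' \
        'sport 81:65535 DROP'
}

# Corrected chain: match on the DESTINATION port, let replies to our own
# outbound connections (ESTABLISHED) and helper-tracked FTP data connections
# (RELATED) back in, and drop everything else ("any any DROP" stands in for
# a DROP policy).
dport_rules() {
    printf '%s\n' \
        'state ESTABLISHED,RELATED ACCEPT' \
        'dport 21 ACCEPT' \
        'dport 80 ACCEPT' \
        'any any DROP'
}

# rule_matches KIND ARG SPORT DPORT STATE: does one rule match the packet?
rule_matches() {
    case "$1" in
        sport) in_range "$3" "$2" ;;
        dport) in_range "$4" "$2" ;;
        state) case ",$2," in *",$5,"*) return 0 ;; *) return 1 ;; esac ;;
        any)   return 0 ;;
        *)     return 1 ;;
    esac
}

# evaluate RULESET SPORT DPORT STATE: prints the verdict of the first rule
# that matches (iptables stops at the first match), or ACCEPT when nothing
# matches, mirroring the default ACCEPT policy.
evaluate() {
    ruleset=$1; sport=$2; dport=$3; state=$4
    verdict=ACCEPT
    while read -r kind arg target; do
        if rule_matches "$kind" "$arg" "$sport" "$dport" "$state"; then
            verdict=$target
            break
        fi
    done <<EOF
$("$ruleset")
EOF
    echo "$verdict"
}

# The corrected chain as real iptables commands (run as root; not run here).
# The loopback rule matters for the poster's localhost tests, which also
# traverse INPUT. Passive-mode FTP data connections need the nf_conntrack_ftp
# helper loaded so they are tracked as RELATED.
corrected_commands() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
EOF
}

# Demo: constructed packets, each as "description sport dport state".
printf '%-44s %-12s %s\n' "packet arriving on INPUT" "sport rules" "dport rules"
printf '%s\n' \
    'browser-SYN-to-our-web-server 50000 80 NEW' \
    'client-SYN-to-our-ftp-server 50000 21 NEW' \
    'reply-to-our-own-outbound-https 443 50001 ESTABLISHED' \
    'passive-ftp-data-with-helper 50000 4000 RELATED' \
    'passive-ftp-data-without-helper 50000 4000 NEW' |
while read -r desc sp dp st; do
    printf '%-44s %-12s %s\n' "$desc" \
        "$(evaluate sport_rules "$sp" "$dp" "$st")" \
        "$(evaluate dport_rules "$sp" "$dp" "$st")"
done
```

Under the --sport rules the very first packet of an inbound web or FTP session is dropped, because a client always connects from an ephemeral port, which lands in 81:65535; that is why everything worked until that last rule was added. Replies to the server's own outbound connections are dropped for the same reason, which explains "I can't get anything out". The corrected chain matches the port the client is connecting to and relies on connection tracking for everything else.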