IPTables & FTP Connection Fails but Ports Open


#!/bin/sh

# Flushing all rules
iptables -F
iptables -X

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow ssh on port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

# Allowing FTP connections, including passive ports (proftpd)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

# Allowing FTP connections in active mode, where data are passed through port 20
iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT

# Allowing ports for passive-mode connections, where data is passed through ports 1010-1012
iptables -A INPUT -p tcp --dport 1010:1012 -j ACCEPT

# NB: with the OUTPUT policy at DROP, nothing above lets the server's replies
# leave from port 21 or from 1010:1012, so the control channel and the passive
# data channel are dropped even though the INPUT ports are open.

# Allow connection via 1194 so that OpenVPN can use the network adapter
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 1194 -j ACCEPT

# Allow connections via OpenVPN tun and tap interfaces
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A OUTPUT -o tap+ -j ACCEPT

# Make sure nothing else comes in or goes out of this box
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
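The script above opens the FTP ports on INPUT but, with the OUTPUT policy at DROP, never lets the server's replies out of port 21 or the passive range, which is exactly the "ports open, connection fails" symptom. The following is an added example, not the post's own script: a stateful rewrite of the same ruleset that uses the conntrack match so every reply is covered by one rule pair. It assumes eth0 as the uplink and a 1010:1012 passive range matching PassivePorts in proftpd.conf; it prints the rules by default and loads them only when run as root with IPT=iptables.

```shell
#!/bin/sh
# Added example (not the post's script): a stateful version of the ruleset.
# Dry run by default: IPT=echo prints the rules; run as root with
# IPT=iptables to load them. eth0 and the 1010:1012 passive range are
# assumptions and must match PassivePorts in proftpd.conf.
IPT="${IPT:-echo}"
PASV="${PASV:-1010:1012}"

ftp_rules() {
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # One stateful pair covers every reply, including the FTP control
    # channel and passive data channel that the original rules dropped.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New inbound connections: ssh, FTP control, FTP passive data
    $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -p tcp --dport "$PASV" -m conntrack --ctstate NEW -j ACCEPT
    # Active mode: the server itself opens the data connection from port 20
    $IPT -A OUTPUT -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
    # OpenVPN on eth0 plus its tun/tap interfaces, as in the original
    $IPT -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
    $IPT -A OUTPUT -o eth0 -p udp --dport 1194 -j ACCEPT
    for dev in tun+ tap+; do
        $IPT -A INPUT -i "$dev" -j ACCEPT
        $IPT -A OUTPUT -o "$dev" -j ACCEPT
    done
    # Rate-limited log before the policy drop, so a failing client is visible
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: "
}

# Check helper: how many generated rules contain the given fragment
count_rules() { ftp_rules | grep -c -- "$1"; }

ftp_rules
```

With the default dry run the script prints the 20 rules it would load, so the set can be reviewed (and diffed against `iptables -S`) before it is applied.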
