For ftp I use these rules...
Code:

#------------------------------------------------------------
# ftp (TCP Ports 21, 20)
# Outgoing Local Client Requests to Remote Servers
# Outgoing Control Connection to Port 21
-A OUTPUT -o eth1 -p tcp -s 1.2.3.4 --sport 1024:65535 --dport ftp -j ACCEPT
-A INPUT -i eth1 -p tcp ! --syn --sport ftp -d 1.2.3.4 --dport 1024:65535 -j ACCEPT
# Incoming Port Mode Data Channel Connection from Port 20
-A INPUT -i eth1 -p tcp --sport ftp-data -d 1.2.3.4 --dport 1024:65535 -j ACCEPT
-A OUTPUT -o eth1 -p tcp ! --syn -s 1.2.3.4 --sport 1024:65535 --dport ftp-data -j ACCEPT
# Outgoing Passive Mode Data Channel Connection Between Unprivileged Ports
-A OUTPUT -o eth1 -p tcp -s 1.2.3.4 --sport 1024:65535 --dport 1024:65535 -j ACCEPT
-A INPUT -i eth1 -p tcp ! --syn --sport 1024:65535 -d 1.2.3.4 --dport 1024:65535 -j ACCEPT
#...............................................................
# Incoming Remote Client Requests to Local Servers
# Incoming Control Connection to Port 21
-A INPUT -i eth1 -p tcp --sport 1024:65535 -d 1.2.3.4 --dport ftp -j ACCEPT
-A OUTPUT -o eth1 -p tcp ! --syn -s 1.2.3.4 --sport ftp --dport 1024:65535 -j ACCEPT
# Outgoing Port Mode Data Channel Connection to Port 20
-A OUTPUT -o eth1 -p tcp -s 1.2.3.4 --sport ftp-data --dport 1024:65535 -j ACCEPT
-A INPUT -i eth1 -p tcp ! --syn --sport 1024:65535 -d 1.2.3.4 --dport ftp-data -j ACCEPT
# Incoming Passive Mode Data Channel Connection Between Unprivileged Ports
-A INPUT -i eth1 -p tcp --sport 1024:65535 -d 1.2.3.4 --dport 1024:65535 -j ACCEPT
-A OUTPUT -o eth1 -p tcp ! --syn -s 1.2.3.4 --sport 1024:65535 --dport 1024:65535 -j ACCEPT
Go ahead...
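The passive-mode rules in the post accept new TCP connections between any two unprivileged ports in both directions, since the data ports are not known in advance. As an added example (not part of the original post), here is the same FTP client and server policy for eth1 / 1.2.3.4 written with the conntrack ftp helper, so only the data connections announced on the control channel are let through; the function prints an iptables-restore ruleset and assumes a kernel with the xt_CT, xt_conntrack and xt_helper modules.

```shell
#!/bin/sh
# Added example: stateful FTP ruleset generator (not from the original post).
# The interface and address are assumptions copied from the post (eth1, 1.2.3.4).

# Prints an iptables-restore ruleset for FTP client and server traffic.
# The ftp conntrack helper follows PORT/PASV on the control channel and marks
# the matching data connections RELATED, so no blanket "any unprivileged port
# to any unprivileged port" ACCEPT rule is needed.
ftp_stateful_rules() {
    iface="$1"
    addr="$2"
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Attach the ftp helper explicitly; newer kernels no longer auto-assign helpers
-A PREROUTING -i $iface -p tcp -d $addr --dport 21 -j CT --helper ftp
-A OUTPUT -o $iface -p tcp -s $addr --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Replies to tracked connections, both directions
-A INPUT -i $iface -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -o $iface -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Data channels expected by the ftp helper only (active and passive mode)
-A INPUT -i $iface -p tcp -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
-A OUTPUT -o $iface -p tcp -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
# Local client to remote server: only the new control connection
-A OUTPUT -o $iface -p tcp -s $addr --sport 1024:65535 --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Remote client to local server: only the new control connection
-A INPUT -i $iface -p tcp --sport 1024:65535 -d $addr --dport 21 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Counts ACCEPT rules in a ruleset (read from stdin) that open a whole
# unprivileged port range as destination; the stateful set should have none.
count_broad_accepts() {
    grep -c -- '--dport 1024:65535 .*-j ACCEPT' || true
}
```

Review the output first (`ftp_stateful_rules eth1 1.2.3.4`), then load it with `ftp_stateful_rules eth1 1.2.3.4 | iptables-restore`.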