[Gllug] ftp / iptables

Paul Brazier pbrazier at cosmos-uk.co.uk
Tue Oct 30 08:52:56 UTC 2001


> Sounds to me like you might be nuking DNS queries, and possibly ftp active
> mode too. Get rid of the DROP policy and put a DROP catch rule on the input
> chain. Make it log, and see what you're killing.

I tried "ftp 192.168.1.1" but still the same problem.
I did "/sbin/iptables -A INPUT -j LOG" (kept the DROP policy though) to
log anything that got to the end of my input chain.
Looking at /var/log/messages there were packets from
client:high to server:53
and
client:113 to server:high

So it looks like it is trying to do a DNS lookup (not sure why it's not
using /etc/hosts), although the server is set up as the gateway machine
of the client.
Port 113 is for authentication - not sure where this is from - I thought
the ftp client only used port 21 plus high numbers?

I was thinking though - for a standalone webserver why do I need a
firewall? Someone can only connect to a port if a service is running on
it, and the only ones I have running (from nmap) are the public ones. So
what added benefit do I get from packet-based filtering? I'm sure there
must be one, I just don't know what it is.
Is it in case a hacker gets in without root access and sets up their own
service on some high port?



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
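The message above reads the LOG output by eye. The following script is an added example, not code from the original post or from the list, that does the same job over constructed sample lines in the format the iptables LOG target writes to /var/log/messages: it parses each logged packet, labels what the dropped packet was (a DNS query to the server, an ident reply from the client on port 113, the SYN-ACK coming back for an active-mode ftp data connection, a fresh connection to the ftp control port, or an ICMP echo) and counts them per source/destination pair. The sample log, the SERVICES table and the label wording are assumptions of this example; the addresses follow the post (192.168.1.1 is the server, 192.168.1.2 the client).

```python
from collections import Counter

# Constructed sample lines (not from the original post) in the format the
# iptables LOG target writes to /var/log/messages. 192.168.1.1 is the server
# whose INPUT chain logs and then drops; 192.168.1.2 is the ftp client.
SAMPLE_LOG = """\
Oct 30 08:40:12 server kernel: IN=eth1 OUT= SRC=192.168.1.2 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=UDP SPT=1034 DPT=53 LEN=40
Oct 30 08:40:13 server kernel: IN=eth1 OUT= SRC=192.168.1.2 DST=192.168.1.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=4322 DF PROTO=TCP SPT=113 DPT=1035 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct 30 08:40:15 server kernel: IN=eth1 OUT= SRC=192.168.1.2 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4323 DF PROTO=UDP SPT=1036 DPT=53 LEN=40
Oct 30 08:40:20 server kernel: IN=eth1 OUT= SRC=192.168.1.2 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4324 DF PROTO=TCP SPT=1037 DPT=20 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Oct 30 08:40:25 server kernel: IN=eth1 OUT= SRC=192.168.1.2 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4325 DF PROTO=TCP SPT=1038 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 30 08:40:30 server kernel: IN=eth1 OUT= SRC=192.168.1.2 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4326 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
"""

# Well-known ports this example knows how to name (assumption: extend as needed).
SERVICES = {20: "ftp-data", 21: "ftp", 53: "dns", 113: "ident"}


def parse_log_line(line):
    """Turn one LOG line into a dict, or return None for unrelated lines.

    The kernel writes KEY=VALUE tokens plus bare tokens (DF and the TCP flags
    SYN, ACK, RST, ...).  LEN and ID appear twice (IP header, then payload),
    so the first occurrence wins.
    """
    if "kernel:" not in line or "SRC=" not in line:
        return None
    fields, flags = {}, set()
    for token in line.split("kernel:", 1)[1].split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields.setdefault(key, value)
        else:
            flags.add(token)
    entry = {
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields["PROTO"],
        "spt": int(fields.get("SPT", 0)),
        "dpt": int(fields.get("DPT", 0)),
        "flags": flags,
    }
    if entry["proto"] == "ICMP":
        entry["icmp_type"] = int(fields.get("TYPE", -1))
    return entry


def classify(entry):
    """Name what a packet that reached the end of the INPUT chain was doing."""
    proto, spt, dpt, flags = entry["proto"], entry["spt"], entry["dpt"], entry["flags"]
    if proto == "ICMP":
        return "icmp type %d" % entry["icmp_type"]
    if proto == "TCP" and "SYN" in flags and "ACK" not in flags:
        # Bare SYN: someone is opening a new connection to this host.
        return "new connection to local %s" % SERVICES.get(dpt, "port %d" % dpt)
    if proto == "UDP" and dpt in SERVICES:
        # Datagram aimed at a well-known port here (e.g. a DNS query).
        return "query to local %s" % SERVICES[dpt]
    if spt in SERVICES:
        # Remote well-known port answering something this host asked for
        # (e.g. the client's ident reply to the ftp daemon's lookup).
        return "reply from remote %s" % SERVICES[spt]
    if dpt in SERVICES:
        # Reply to a connection this host opened from a well-known port
        # (e.g. the SYN-ACK for an active-mode ftp data connection from :20).
        return "reply to local %s" % SERVICES[dpt]
    return "%s %d->%d" % (proto.lower(), spt, dpt)


def summarize(log_text):
    """Count logged packets per (src, dst, classification)."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if entry is not None:
            counts[(entry["src"], entry["dst"], classify(entry))] += 1
    return counts


if __name__ == "__main__":
    for (src, dst, what), n in sorted(summarize(SAMPLE_LOG).items()):
        print("%4d  %s -> %s  %s" % (n, src, dst, what))
```

Every line tagged "reply from remote ..." or "reply to local ..." belongs to a connection the server itself started; with a DROP policy those replies die unless an earlier rule accepts packets in state ESTABLISHED or RELATED, which is what makes the ftp session hang rather than fail outright. The ident replies are the usual cause of the long pause before an ftp login, and the DNS queries with no resolver listening on the server explain why the client falls back slowly rather than using /etc/hosts on the server's side.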
