IPTABLES dan FTP Server: Perbedaan revisi

Revisi per 24 Mei 2011 05.03

FTP Server yang ada di IGOS Nusantara 2009 atau Fedora 10 dan Fedora 12 tidak dapat diakses jika firewall aktif. Ada modul terkait iptables yang harus dimuat lebih dulu, yaitu nf_conntrack_ftp.

Muat modul:

modprobe nf_conntrack_ftp

Tambahkan ke /etc/rc.d/rc.local

echo "modprobe nf_conntrack_ftp" >> /etc/rc.d/rc.local

Tambahkan entri: /etc/sysconfig/iptables-config"

IPTABLES_MODULES="nf_conntrack_ftp"

Salin dan paste konfigurasi di bawah ini ke /etc/sysconfig/iptables

# /etc/sysconfig/iptables 
# Generated by iptables-save v1.4.1.1 on Tue May 24 11:28:49 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11535:1203162]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -d 224.0.0.251/32 -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT 
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
-A OUTPUT -p tcp -m state --state NEW -m tcp --sport 20 -j ACCEPT 
COMMIT
# Completed on Tue May 24 11:28:49 2011

Taut:

• http://www.fedoraforum.org/forum/showthread.php?t=247598