IPTABLES and FTP Server: Revision differences
From IGNwiki
Baris 10: | Baris 10: | ||
IPTABLES_MODULES="nf_conntrack_ftp" | IPTABLES_MODULES="nf_conntrack_ftp" | ||
− | Salin dan paste konfigurasi di bawah ini ke /etc/sysconfig/iptables | + | Salin dan tempel (copy paste) konfigurasi di bawah ini ke /etc/sysconfig/iptables |
# /etc/sysconfig/iptables | # /etc/sysconfig/iptables | ||
# Generated by iptables-save v1.4.1.1 on Tue May 24 11:28:49 2011 | # Generated by iptables-save v1.4.1.1 on Tue May 24 11:28:49 2011 |
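Review bot: the reworded instruction on the `+` side still does not say whether the pasted text replaces the contents of /etc/sysconfig/iptables or is added to what is already there. The context lines show that the pasted block starts with its own "# /etc/sysconfig/iptables" and "Generated by iptables-save" header, so it is a complete file; wording along the lines of "replace the contents of /etc/sysconfig/iptables with the configuration below" would remove the ambiguity. The parenthetical "(copy paste)" after "tempel" repeats the same instruction and can be dropped.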
Revision as of 24 May 2011 05.04
The FTP server on IGOS Nusantara 2009, or on Fedora 10 and Fedora 12, cannot be accessed while the firewall is active. An iptables-related module has to be loaded first, namely nf_conntrack_ftp.
Load the module:
modprobe nf_conntrack_ftp
Add it to /etc/rc.d/rc.local:
echo "modprobe nf_conntrack_ftp" >> /etc/rc.d/rc.local
Add this entry to /etc/sysconfig/iptables-config:
IPTABLES_MODULES="nf_conntrack_ftp"
Copy and paste the configuration below into /etc/sysconfig/iptables:
# /etc/sysconfig/iptables
# Generated by iptables-save v1.4.1.1 on Tue May 24 11:28:49 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11535:1203162]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 224.0.0.251/32 -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m state --state NEW -m tcp --sport 20 -j ACCEPT
COMMIT
# Completed on Tue May 24 11:28:49 2011
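The steps above only work together: nf_conntrack_ftp classifies the FTP data connection as RELATED, and the ruleset must accept RELATED and port 21 before its catch-all REJECT. The script below is an added example, not part of the wiki page, that audits those pieces; the function names are hypothetical and the file paths are passed as arguments so copies of the files can be checked.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit the pieces the page configures.
# Function names are hypothetical; paths are arguments so copies can be checked.

# INPUT rules evaluated before the first catch-all REJECT/DROP, in order
reachable_input_rules() {
    awk '/^-A INPUT -j (REJECT|DROP)/ { exit } /^-A INPUT / { print }' "$1"
}

# 0 if IPTABLES_MODULES in an iptables-config file lists nf_conntrack_ftp
config_loads_helper() {
    grep -Eq '^[[:space:]]*IPTABLES_MODULES="([^"]*[[:space:]])?nf_conntrack_ftp([[:space:]][^"]*)?"' "$1"
}

# 0 if the module appears in a /proc/modules-style listing
helper_is_loaded() {
    grep -q '^nf_conntrack_ftp ' "$1"
}

# 0 if RELATED traffic (the helper-tracked FTP data channel) is accepted
rules_accept_related() {
    reachable_input_rules "$1" | grep -Eq -- '--(ct)?state [A-Z,]*RELATED.* -j ACCEPT'
}

# 0 if new connections to the FTP control port (21/tcp) are accepted
rules_accept_ftp_control() {
    reachable_input_rules "$1" | grep -Eq -- '--dport 21 .*-j ACCEPT'
}

# Run every check, print what is missing, return non-zero on any failure
audit_ftp_firewall() {
    cfg=$1; rules=$2; mods=${3:-/proc/modules}; failed=0
    config_loads_helper "$cfg" || { echo "FAIL: IPTABLES_MODULES lacks nf_conntrack_ftp in $cfg"; failed=1; }
    helper_is_loaded "$mods" || { echo "FAIL: nf_conntrack_ftp is not loaded ($mods)"; failed=1; }
    rules_accept_related "$rules" || { echo "FAIL: no reachable INPUT rule accepts RELATED in $rules"; failed=1; }
    rules_accept_ftp_control "$rules" || { echo "FAIL: no reachable INPUT rule accepts tcp/21 in $rules"; failed=1; }
    return "$failed"
}

# Usage: sh audit.sh /etc/sysconfig/iptables-config /etc/sysconfig/iptables
if [ "$#" -ge 2 ]; then
    audit_ftp_firewall "$@"
fi
```

A rule placed after the catch-all REJECT is never evaluated, which is why the checks look only at the rules that precede it.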
Links: