iptables and FTP Server

From IGNwiki

The FTP server shipped with IGOS Nusantara 2009, Fedora 10 and Fedora 12 cannot be used while the firewall is active. An iptables connection-tracking helper module, nf_conntrack_ftp, has to be loaded first: it reads the FTP control channel on port 21 (the PORT and PASV exchanges) so that the separate data connection is classified as RELATED and admitted by the RELATED,ESTABLISHED rule. Without it the login on port 21 succeeds, but directory listings and transfers are rejected by the firewall.

Load the module

modprobe nf_conntrack_ftp

Add it to /etc/rc.d/rc.local so it is loaded at boot (run this once; each run appends another copy of the line)

echo "modprobe nf_conntrack_ftp" >> /etc/rc.d/rc.local

Add the entry to /etc/sysconfig/iptables-config, so that the iptables init script loads the helper each time it restores the rules

IPTABLES_MODULES="nf_conntrack_ftp"
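The three steps above as one script, an added example that is not from the IGNwiki page: it loads the module, confirms it in /proc/modules, and persists it in the two files the page names without appending duplicate lines when run a second time (the page's `echo >>` does). The file paths are the page's; the final sysctl check is an assumption about kernels newer than the page's Fedora 10/12 targets, where helpers are no longer attached to connections automatically.

```sh
#!/bin/sh
# enable_ftp_helper.sh: load nf_conntrack_ftp and persist it the way the page
# describes, but idempotently and with a verification step. Added example;
# the file paths are the ones the page uses.

MODULE=nf_conntrack_ftp
RC_LOCAL=/etc/rc.d/rc.local
IPT_CONFIG=/etc/sysconfig/iptables-config

# module_loaded NAME [MODULES_FILE]: true if NAME appears in /proc/modules
# (or in the file given, which lets a constructed listing be checked).
module_loaded() {
    grep -q "^$1 " "${2:-/proc/modules}"
}

# ensure_line FILE LINE: append LINE to FILE only if an identical line is absent.
ensure_line() {
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# set_iptables_modules FILE: make sure IPTABLES_MODULES="..." in FILE lists
# nf_conntrack_ftp, keeping any modules that are already there.
set_iptables_modules() {
    f=$1
    if grep -q '^IPTABLES_MODULES=' "$f" 2>/dev/null; then
        cur=$(sed -n 's/^IPTABLES_MODULES="\(.*\)"$/\1/p' "$f" | head -n 1)
        case " $cur " in
            *" $MODULE "*) return 0 ;;   # already listed, nothing to do
        esac
        new=$(printf '%s %s' "$cur" "$MODULE" | sed 's/^ *//')
        sed "s|^IPTABLES_MODULES=.*|IPTABLES_MODULES=\"$new\"|" "$f" > "$f.tmp" \
            && mv "$f.tmp" "$f"
    else
        printf 'IPTABLES_MODULES="%s"\n' "$MODULE" >> "$f"
    fi
}

# helper_autoassign_enabled: assumption about kernels newer than the page's.
# From Linux 4.7 the sysctl net.netfilter.nf_conntrack_helper defaults to 0
# (and the knob was removed in 6.0), so loading the module is not enough: the
# control connection must be tagged with "-j CT --helper ftp" in the raw
# table. The Fedora 10/12 kernels the page targets attach helpers automatically.
helper_autoassign_enabled() {
    s=/proc/sys/net/netfilter/nf_conntrack_helper
    if [ -r "$s" ] && [ "$(cat "$s")" = 0 ]; then
        return 1
    fi
    return 0
}

main() {
    modprobe "$MODULE"
    module_loaded "$MODULE" || { echo "error: $MODULE did not load" >&2; exit 1; }
    ensure_line "$RC_LOCAL" "modprobe $MODULE"
    set_iptables_modules "$IPT_CONFIG"
    helper_autoassign_enabled \
        || echo "warning: automatic helper assignment is off; add" \
                "'iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp'" >&2
}

# Only "sh enable_ftp_helper.sh --apply" makes changes; sourcing the file
# just defines the functions.
case "${1-}" in
    --apply) main ;;
esac
```

After a client has logged in, `conntrack -L -p tcp --dport 21` (conntrack-tools, as root) lists the tracked control session; the data connection that follows should then appear as RELATED rather than being rejected.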

iptables ruleset

Copy and paste the configuration below into /etc/sysconfig/iptables. It was dumped from a live host with iptables-save, so it admits far more than FTP: SSH (22), HTTP/HTTPS (80, 443), SMTP (25), POP3/POP3S (110, 995), IMAPS (993), DNS (53 tcp and udp), rsync (873) and mDNS (udp 5353 to 224.0.0.251). Delete the lines for services the host does not run. The RELATED,ESTABLISHED rule on INPUT is the one that admits the FTP data connection, and it does so only because nf_conntrack_ftp is loaded; the last OUTPUT rule (source port 20, active-mode data) is redundant, since the OUTPUT chain's policy is already ACCEPT.

# /etc/sysconfig/iptables 
# Generated by iptables-save v1.4.1.1 on Tue May 24 11:28:49 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11535:1203162]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -d 224.0.0.251/32 -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT 
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
-A OUTPUT -p tcp -m state --state NEW -m tcp --sport 20 -j ACCEPT 
COMMIT
# Completed on Tue May 24 11:28:49 2011
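A tighter replacement for the ruleset above that admits only what an FTP server needs, added here as an example and not part of the IGNwiki page. Everything outside the page is an assumption: the management network 192.0.2.0/24 for SSH, the passive data-port range 50000-50100 (it must match the daemon's own setting, for vsftpd `pasv_min_port`/`pasv_max_port`), and the raw-table CT rule, which needs the xt_CT target that the Fedora 10/12 kernels the page targets predate; set `CT_HELPER=0` there, where the helper is attached automatically once the module is loaded.

```sh
#!/bin/sh
# ftp_rules.sh: print an iptables-restore file for an FTP server, instead of
# the thirteen services the page's ruleset opens. Added example, not the
# page's ruleset. Assumed values: ADMIN_NET (documentation range), the
# passive range PASV_MIN-PASV_MAX (must match the FTP daemon), and
# CT_HELPER=1 to emit the explicit helper assignment for newer kernels.
# Usage: sh ftp_rules.sh > /etc/sysconfig/iptables   or   sh ftp_rules.sh --test

ADMIN_NET=${ADMIN_NET:-192.0.2.0/24}
PASV_MIN=${PASV_MIN:-50000}
PASV_MAX=${PASV_MAX:-50100}

# ftp_ruleset: emit the complete iptables-restore text on stdout.
ftp_ruleset() {
    if [ "${CT_HELPER:-1}" = 1 ]; then
        cat <<EOF
# raw table: attach the FTP helper to the control connection explicitly.
# Needed from Linux 4.7 on, where helpers are no longer assigned
# automatically; it requires the CT target (xt_CT, kernel 2.6.34+), which the
# Fedora 10/12 kernels the page targets do not have (set CT_HELPER=0 there).
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 21 -j CT --helper ftp
COMMIT
EOF
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Data connections: active mode (server port 20 -> client) is outbound and
# passes under OUTPUT ACCEPT; passive mode (client -> server high port) is
# admitted as RELATED because the helper parsed the PASV reply.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Passive range, needed only when the control channel is TLS-protected
# (FTPS): the helper cannot read an encrypted PASV reply, so RELATED never
# matches and the range has to be opened statically.
-A INPUT -p tcp --dport $PASV_MIN:$PASV_MAX -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s $ADMIN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# rule_count TABLE: number of -A rules the generated text holds in TABLE,
# a cheap self-check on the output.
rule_count() {
    ftp_ruleset | awk -v t="*$1" '$0==t{on=1;next} /^\*/{on=0} on && /^-A /{n++} END{print n+0}'
}

# validate: dry-run the text through the kernel without installing it
# (iptables-restore --test, as root); skipped where the tool is absent.
validate() {
    if command -v iptables-restore >/dev/null 2>&1; then
        ftp_ruleset | iptables-restore --test
    else
        echo "iptables-restore not found; skipping validation" >&2
        return 0
    fi
}

case "${1-}" in
    --test) validate ;;
    "")     ftp_ruleset ;;
esac
```

Run `sh ftp_rules.sh --test` as root before writing the file, then `service iptables restart`; the raw table is only accepted where the CT target exists, which is exactly the check the dry run performs.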

Links