iptables?

Anthony Creapeau creapeaa at msoe.edu
Mon Mar 26 01:56:31 EDT 2007


TCP ports 20, 21 and 20 are the FTP, SFTP and SSH ports respectively. These
ports are outgoing communications used by the respective protocol (i.e. FTP,
SFTP and SSH), and the responding or incoming communications usually are
negotiated to use ports above 1024. Hope this makes sense.

-----Original Message-----
From: speakup-bounces at braille.uwo.ca [mailto:speakup-bounces at braille.uwo.ca]
On Behalf Of Gregory Nowak
Sent: Sunday, March 25, 2007 6:39 PM
To: Speakup is a screen review system for Linux.
Subject: Re: iptables?

I think I see the problem.

Basically, you want to use --dport, instead of --sport. For example, the way
you have it now:

iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT

means that you'd be accepting connections with source ports 20:22. If I
understand tcp/ip correctly, that could never happen with those ports, I
think they're used only for responding to already initiated connections. So,
if what you want to do is to allow connections on ports 20:22 in this
example into your box, use --dport.

Greg



On Sun, Mar 25, 2007 at 03:36:43PM -0700, Littlefield, Tyler wrote:
> Hello list,
> I've got the following iptables set.
> iptables -F
> iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT
> iptables -A INPUT -p tcp --sport 80 -j ACCEPT
> iptables -A INPUT -p tcp --sport 110 -j ACCEPT
> iptables -A INPUT -p tcp --sport 3784 -j ACCEPT
> iptables -A INPUT -p tcp --sport 443 -j ACCEPT
> iptables -A INPUT -p tcp --sport 6666:6670 -j ACCEPT
> iptables -A INPUT -p tcp --sport 10000 -j ACCEPT
> iptables -A INPUT -p tcp --sport 20000 -j ACCEPT
> iptables -P INPUT DROP
> iptables -P OUTPUT ACCEPT
> I'm dmzed, and when I run this, it puts everything to filter.
> Any idea what I'm doing wrong?
> Thanks,
> ~~TheCreator~~
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

--
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)

--
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
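The ruleset Greg is correcting, written out with --dport as an added example (this is not code from the thread). It assumes a Linux host with iptables and the conntrack match, and it adds an ESTABLISHED,RELATED rule: with a DROP policy on INPUT, switching the service rules to --dport alone would cut off the replies to the box's own outbound connections that the old --sport rules happened to let in.

```shell
#!/bin/sh
# Added example: the thread's ruleset rewritten with --dport, plus a
# conntrack rule so replies to connections this box opens still get in.
# Assumes a Linux host with iptables and the conntrack match available.
# Set DRY_RUN=1 to print the commands instead of applying them.
DRY_RUN="${DRY_RUN:-}"

run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

# Accept NEW inbound TCP connections to a local service. The service port is
# the DESTINATION port of the incoming SYN, so match it with --dport; --sport
# would only match packets whose remote end happened to use that port.
allow_in() {
    run -A INPUT -p tcp --dport "$1" -m conntrack --ctstate NEW -j ACCEPT
}

apply_rules() {
    run -F INPUT
    run -P INPUT DROP
    run -P OUTPUT ACCEPT
    run -A INPUT -i lo -j ACCEPT
    # Replies to outbound connections arrive FROM the remote service port TO
    # a high local port; this is the traffic the original --sport rules were
    # really letting through. conntrack covers it for every protocol at once.
    run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Services this box offers (the ports listed in the original post)
    for port in 20:22 80 110 443 3784 6666:6670 10000 20000; do
        allow_in "$port"
    done
}

# Apply when executed as a script (DRY_RUN=1 sh firewall.sh to preview).
if [ "${0##*/}" = "firewall.sh" ]; then
    apply_rules
fi
```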





