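Dorian Gray Posté(e) le 21 mai 2008
Bonjour, Malgrès mes différentes recherches sur la toile, je n'arrive pas à configurer mon script Netfilter afin qu'il laisse passer les utilisateurs (du lan vert) qui souhaitent accèder à un serveur ftp (que je n'administre pas) qui est configuré pour se connecter en mode ftp passif. voici mon une partie script ainsi qu'un état des modules lancés

# FTP connection-tracking helper and its NAT counterpart (2.4-series names).
# The helper watches the FTP control channel on port 21 by default and, on a
# PORT/PASV exchange, registers the announced data connection so that it is
# classified RELATED and accepted by the state rule further down. Two cases
# it cannot handle, and which are the usual reasons passive FTP "does not go
# through" with an otherwise correct ruleset:
#   - a server whose control channel is NOT on port 21: nothing is tracked
#     unless that port is passed as a module parameter, e.g.
#     `modprobe ip_conntrack_ftp ports=21,<port>` (confirm the server's port);
#   - a TLS-encrypted control channel (FTPS / AUTH TLS): the PASV reply is
#     unreadable, so the data connection is never marked RELATED.
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

# Interfaces: red = Internet, green = trusted LAN, blue = third zone.
red=eth2
green=eth0
blue=eth1

#Protocoles -- comma-separated port lists consumed by `-m multiport --dports`.
http=80,81,8080
https=443
ftp=20,21
# NOTE(review): 989 is ftps-data; the implicit-TLS control port is 990, which
# is not opened here -- confirm which one the remote server actually uses.
ftps=989
pop=110
imap=143,220
imaps=993
smtp=25,2525
# NOTE(review): 123 is NTP and is UDP; allowing it under `-p tcp` below does
# nothing for time synchronisation.
time=123,37,119
pxe=67
snmp=161
epmap=135
isakmp=500
ldap=389,636,3268,3269
dns=53
cifs=445,901
kerberos=88
wins=1512,42

# GREEN -> RED
# Default-deny from the LAN to the Internet, then insert the permitted
# services in front of it. Every `-I` inserts at position 1, so the chain
# ends up in the REVERSE order of the lines below (icmp and the state rule
# are evaluated first, the DROP last).
iptables -A CUSTOMFORWARD -i $green -o $red -j DROP
iptables -I CUSTOMFORWARD -i $green -o $red -p tcp -m multiport --dports $http,$https -j ACCEPT
# FTP control (21) and active-mode data (20). In passive mode the data
# connection goes to a server-chosen high port: it is accepted by the
# ESTABLISHED,RELATED rule (via the helper), not by this line.
iptables -I CUSTOMFORWARD -i $green -o $red -p tcp -m multiport --dports $ftp,$ftps -j ACCEPT
iptables -I CUSTOMFORWARD -i $green -o $red -p udp -m multiport --dports $ftp,$ftps -j ACCEPT
iptables -I CUSTOMFORWARD -i $green -o $red -p tcp -m multiport --dports $pop,$imap,$imaps,$smtp -j ACCEPT
iptables -I CUSTOMFORWARD -i $green -o $red -p tcp -m multiport --dports $time -j ACCEPT
# Removed: `iptables -I CUSTOMFORWARD --protocol tcp --destination-port $ftp -j ACCEPT`
# `--destination-port` (without `-m multiport`) accepts a single port or a
# `low:high` range, so the value "20,21" is rejected and the rule was never
# installed (the script carries on because nothing stops it on error).
# Had it worked, it carried no -i/-o and would have accepted FTP in EVERY
# direction, including red -> green, which the default DROP is meant to
# prevent. Green -> red FTP is already covered by the multiport rule above.
# Stateful rule: replies and helper-registered data channels in any direction.
iptables -I CUSTOMFORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I CUSTOMFORWARD -i $green -o $red -p icmp -j ACCEPT
......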
Liste des modules lancés Module Size Used by Not tainted ipt_REDIRECT 696 1 (autoclean) ipsec_twofish 35332 0 (unused) ipsec_sha2 7800 0 (unused) ipsec_sha1 18488 2 ipsec_serpent 11076 0 (unused) ipsec_md5 4440 0 (unused) ipsec_cast 15748 0 (unused) ipsec_blowfish 8420 0 (unused) ipsec_aes 31624 2 ipsec_3des 17052 0 (unused) ipsec 255300 2 [ipsec_twofish ipsec_sha2 ipsec_sha1 ipsec_serpent ipsec_md5 ipsec_cast ipsec_blowfish ipsec_aes ipsec_3des] ipt_MASQUERADE 1272 1 (autoclean) ipt_multiport 600 12 (autoclean) ip_nat_ftp 2448 0 (unused) ip_conntrack_ftp 3568 1 ipt_mark 440 2 (autoclean) ipt_TCPMSS 2168 1 (autoclean) ipt_state 504 16 (autoclean) ipt_REJECT 2968 1 (autoclean) ipt_LOG 3616 9 (autoclean) ipt_limit 792 9 (autoclean) iptable_mangle 2008 1 (autoclean) iptable_filter 1612 1 (autoclean) 8139too 13128 3 mii 2112 0 [8139too] crc32 2880 0 [8139too] ip_nat_quake3 1800 0 (unused) ip_conntrack_quake3 1896 1 ip_nat_proto_gre 1092 0 (unused) ip_nat_pptp 2148 0 (unused) ip_conntrack_pptp 2601 1 ip_conntrack_proto_gre 1973 0 [ip_nat_pptp ip_conntrack_pptp] ip_nat_mms 2672 0 (unused) ip_conntrack_mms 2832 1 ip_nat_irc 1968 0 (unused) ip_conntrack_irc 2768 1 ip_nat_h323 2372 0 (unused) ip_conntrack_h323 2153 1 iptable_nat 15878 8 [ipt_REDIRECT ipt_MASQUERADE ip_nat_ftp ip_nat_quake3 ip_nat_proto_gre ip_nat_pptp ip_nat_mms ip_nat_irc ip_nat_h323] ip_conntrack 18928 7 [ipt_REDIRECT ipt_MASQUERADE ip_nat_ftp ip_conntrack_ftp ipt_state ip_nat_quake3 ip_conntrack_quake3 ip_nat_pptp ip_conntrack_pptp ip_conntrack_proto_gre ip_nat_mms ip_conntrack_mms ip_nat_irc ip_conntrack_irc ip_nat_h323 ip_conntrack_h323 iptable_nat] ip_tables 10976 14 [ipt_REDIRECT ipt_MASQUERADE ipt_multiport ipt_mark ipt_TCPMSS ipt_state ipt_REJECT ipt_LOG ipt_limit iptable_mangle iptable_filter iptable_nat] acm 5120 0 (unused) keybdev 1764 0 (unused) hid 19908 0 (unused) input 3104 0 [keybdev hid] sd_mod 10284 0 (unused) usb-storage 24624 0 (unused) scsi_mod 52920 1 [sd_mod usb-storage] usb-uhci 
20528 0 (unused) usbcore 56236 1 [acm hid usb-storage usb-uhci] apm 8644 0