News : LinuxSolved.com Linux Help Community Forum..


Author Topic: iptables & ftp  (Read 4044 times)

Offline sathish

iptables & ftp
« on: April 17, 2004, 06:18:25 PM »
Hello All !!

I have set up masquerading to share the net connectivity on Red Hat 9.0. I have set up only routing and an FTP server.

1) eth0 - PUBLIC IP
2) eth1 - PRIVATE IP (192.168.1.1).

1) I have Windows clients. Earlier, on the Windows clients, I had given the DNS address of the ISP for browsing. Now, on one of the Windows clients, I have given the PRIVATE IP (eth1 address) as the DNS address, and it is browsing. How is it working?

2) I want the FTP server to be used only for the PRIVATE IP address, and it should not work for the PUBLIC IP network. I also want to change the default port (21) of the FTP server to a different port of my own.
What is to be done?


3) If I give the below code in iptables, my FTP server does not work.
    The code is:
     iptables -A INPUT -p tcp --syn -j DROP
     How do I go about this?


Thank you
Sathish

Offline Ricky

iptables & ftp
« Reply #1 on: April 19, 2004, 11:12:00 AM »
Ans 1. If it is working, then maybe your BIND is running on your server machine as a caching server. See your resolv.conf while you are not connected to the net, and if it is empty or has an entry like
Code:
nameserver 127.0.0.1
then it is running as a caching nameserver, and you should also give your eth1 address as DNS on the other clients, as it will improve the performance.

Ans 2. Well, you can use a firewall to block incoming requests for FTP etc. which you don't want people to see. To change your FTP port, either you can use redirection using iptables or you have to look in your FTP program's conf files to change that. It is usually done through them.

To block your FTP you can first block everyone from accessing the FTP port, then open it for only eth1, i.e. the LAN.
Code:
iptables -A INPUT -p tcp -s 0/0 --dport 21 -j DROP
# -I puts this rule at the top of INPUT, ahead of the DROP (first match wins)
iptables -I INPUT -p tcp -i eth1 --dport 21 -j ACCEPT
Like this you can build your firewall...
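
An added example, not part of either post above: a simplified Python model of first-match evaluation in the INPUT chain, applied to the three rules quoted in this thread, to show how rule order decides whether FTP from eth1 gets through. The `Packet` and `Rule` classes, the ACCEPT default policy, and port 50000 (standing in for a passive-mode data port) are assumptions of the model; connection tracking is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str        # incoming interface: "eth0" (public) or "eth1" (LAN)
    dport: int        # destination TCP port
    syn: bool = True  # True = first packet of a new connection

@dataclass(frozen=True)
class Rule:
    target: str                  # "ACCEPT" or "DROP"
    iface: Optional[str] = None  # -i
    dport: Optional[int] = None  # --dport
    syn: Optional[bool] = None   # --syn

    def matches(self, p: Packet) -> bool:
        # An unset field (None) matches any packet, as in iptables.
        return ((self.iface is None or self.iface == p.iface)
                and (self.dport is None or self.dport == p.dport)
                and (self.syn is None or self.syn == p.syn))

def verdict(chain, packet, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

# The rules quoted in the thread, in model form.
DROP_FTP = Rule("DROP", dport=21)                        # -p tcp -s 0/0 --dport 21 -j DROP
ACCEPT_LAN_FTP = Rule("ACCEPT", iface="eth1", dport=21)  # -p tcp -i eth1 --dport 21 -j ACCEPT
DROP_SYN = Rule("DROP", syn=True)                        # -p tcp --syn -j DROP

LAN_FTP = Packet("eth1", 21)
PUBLIC_FTP = Packet("eth0", 21)
LAN_PASV = Packet("eth1", 50000)  # constructed: passive-mode data connection

def ftp_reachability(chain):
    """Verdicts for (LAN control, public control, LAN passive data)."""
    return tuple(verdict(chain, p) for p in (LAN_FTP, PUBLIC_FTP, LAN_PASV))

if __name__ == "__main__":
    for name, chain in [("DROP before ACCEPT", [DROP_FTP, ACCEPT_LAN_FTP]),
                        ("ACCEPT before DROP", [ACCEPT_LAN_FTP, DROP_FTP]),
                        ("--syn DROP alone", [DROP_SYN]),
                        ("ACCEPT, then --syn DROP", [ACCEPT_LAN_FTP, DROP_SYN])]:
        print(f"{name:26s}", ftp_reachability(chain))
```

In the last case the control connection on port 21 is accepted from eth1, but a new passive-mode data connection from the LAN still hits the `--syn` DROP in this model.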