16/11/2006, 05:31
mape367
Hi

AleSanchez, the distribution I use is Debian. What I want to do is open the port used by the FTP server (I don't know which port it is), since it is currently blocked by the firewall. But I only want to open it for outgoing connections, not incoming ones. I don't want to allow anyone to connect to my server via FTP.
Port 2082 is a port used by my hosting service's control panel, and since the firewall was installed I can't access it.

Here is what iptables-save gives me:
Code:
internet:/etc# iptables-save
# Generated by iptables-save v1.2.11 on Thu Nov 16 05:24:54 2006
*mangle
:PREROUTING ACCEPT [434321:167694496]
:INPUT ACCEPT [35415:4570166]
:FORWARD ACCEPT [398906:163124330]
:OUTPUT ACCEPT [47267:6044793]
:POSTROUTING ACCEPT [433898:167886609]
COMMIT
# Completed on Thu Nov 16 05:24:54 2006
# Generated by iptables-save v1.2.11 on Thu Nov 16 05:24:54 2006
*filter
:INPUT DROP [1726:154908]
:FORWARD DROP [2:2128]
:OUTPUT DROP [12775:1406890]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.y.y/255.255.255.0 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 5051 -j ACCEPT
-A INPUT -p udp -m udp --dport 5052 -j ACCEPT
-A INPUT -p udp -m udp --dport 5053 -j ACCEPT
-A INPUT -p udp -m udp --dport 5054 -j ACCEPT
-A INPUT -p udp -m udp --dport 5010 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "FIREWALL - SSH: "
-A INPUT -p tcp -m tcp --dport 21 -j LOG --log-prefix "FIREWALL - FTP: "
-A INPUT -p tcp -m tcp --dport 23 -j LOG --log-prefix "FIREWALL - TELNET: "
-A INPUT -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 201.22.95.63 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -m state --state NEW -j ACCEPT
-A FORWARD -p udp -m udp --dport 5051 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5052 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5053 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5054 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5010 -j ACCEPT
-A FORWARD -s 10.50.1.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -s 10.50.2.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -s 10.50.3.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -s 10.50.4.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 1863 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 5190 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 3050 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p icmp -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.z.z -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.y.y/255.255.255.0 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -s 201.22.95.63 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
COMMIT
# Completed on Thu Nov 16 05:24:54 2006
# Generated by iptables-save v1.2.11 on Thu Nov 16 05:24:54 2006
*nat
:PREROUTING ACCEPT [49556:2778797]
:POSTROUTING ACCEPT [11271:967641]
:OUTPUT ACCEPT [40886:3435623]
-A PREROUTING -s 10.50.1.0/255.255.255.0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.x.x
-A PREROUTING -s 10.50.2.0/255.255.255.0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.x.x
-A PREROUTING -s 10.50.3.0/255.255.255.0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.x.x
-A PREROUTING -s 10.50.4.0/255.255.255.0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.x.x
-A POSTROUTING -s 192.168.x.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 53 -j SNAT --to-source 200.3.254.x
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 80 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 25 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 110 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 443 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 1863 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 5190 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 3050 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 8080 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -p icmp -j MASQUERADE
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 53 -j MASQUERADE
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -p udp -m udp --dport 53 -j MASQUERADE
-A POSTROUTING -s 192.168.z.z -j MASQUERADE
COMMIT
pablasso, I got to init.d, and this is the list of files, but I don't know what to do there.

Code:
internet:/etc# ls
adduser.conf       crontab              exim4         inputrc          mdadm             pam.conf        rmt
adjtime            cron.weekly          fdmount.conf  iproute2         mediaprm          pam.d           rpc
aliases            csh.cshrc            fstab         issue            mime.types        passwd          samba
alternatives       csh.login            ftpusers      issue.net        mkinitrd          passwd-         securetty
apache             csh.logout           groff         kernel-img.conf  modprobe.d        perl            security
apm                cups                 group         ldap             modules           php4            services
apt                debconf.conf         group-        ld.so.cache      modules.conf      ppp             shadow
at.deny            debian_version       gshadow       locale.alias     modules.conf.old  printcap        shadow-
bash.bashrc        default              gshadow-      locale.gen       modutils          profile         shells
bash_completion    deluser.conf         host.conf     localtime        motd              protocols       skel
bash_completion.d  dhclient.conf        hostname      logcheck         mtab              python2.3       ssh
bind               dhclient-script      hosts         login.defs       mtools.conf       rc0.d           sysctl.conf
calendar           dhcp3                hosts.allow   logrotate.conf   Muttrc            rc1.d           syslog.conf
chatscripts        dictionaries-common  hosts.deny    logrotate.d      mysql             rc2.d           terminfo
complete.tcsh      discover.conf        hotplug       magic            nanorc            rc3.d           timezone
console            discover.conf-2.6    hotplug.d     mailcap          network           rc4.d           ucf.conf
console-tools      discover.d           identd.conf   mailcap.order    networks          rc5.d           updatedb.conf
cron.d             dpkg                 identd.key    mailname         nsswitch.conf     rc6.d           vsftpd.conf
cron.daily         emacs                inetd.conf    mail.rc          openoffice        rcS.d           w3m
cron.hourly        email-addresses      init.d        manpath.config   openvpn           reportbug.conf  wgetrc
cron.monthly       environment          inittab       mc               opt               resolv.conf
Many thanks in advance for the replies.

Regards
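
Added example, not part of the original post: a small Python model of how netfilter walks the posted `filter` chains for a new TCP connection. It shows why connections from the firewall host to ports 21 and 2082 fall through to the `OUTPUT` DROP policy, and that two candidate `OUTPUT` rules open them without accepting inbound FTP. The rule excerpt is constructed from the dump above; the network 192.168.1.0 (standing in for the redacted 192.168.y.y), the addresses 203.0.113.10 and 198.51.100.7, and the `verdict` helper are assumptions.

```python
import ipaddress
import shlex

# Constructed excerpt of the posted *filter table. Assumption: the redacted
# 192.168.y.y network is written here as 192.168.1.0.
RULES = """\
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j LOG --log-prefix "FIREWALL - FTP: "
-A INPUT -s 192.168.1.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.1.0/255.255.255.0 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 192.168.1.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
"""

# Candidate additions (not from the post): outbound-only, no INPUT rule added.
CANDIDATE = """\
-A OUTPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2082 -m state --state NEW -j ACCEPT
"""

FW = "203.0.113.10"  # assumed source address of the firewall host on eth1

def verdict(ruleset, chain, src, dport, iface="eth1"):
    """First-match verdict for a NEW TCP packet; no '!' or port ranges."""
    policy = None
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":" + chain]:
            policy = tok[1]                    # chain policy, used if no rule matches
        if tok[:2] != ["-A", chain]:
            continue
        opt = dict(zip(tok[2::2], tok[3::2]))  # every option here takes one value
        ok = (opt.get("-i", iface) == iface
              and opt.get("-p", "tcp") == "tcp"
              and "NEW" in opt.get("--state", "NEW").split(",")
              and int(opt.get("--dport", dport)) == dport
              and ipaddress.ip_address(src) in
                  ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False))
        # LOG is non-terminating: a matching LOG rule keeps walking the chain.
        if ok and opt["-j"] in ("ACCEPT", "DROP", "REJECT"):
            return opt["-j"]
    return policy
```

The model covers only the FTP control connection on port 21; the data connection is accepted by the existing `RELATED,ESTABLISHED` rule only when the kernel's FTP connection-tracking helper is loaded.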