WU-FTPD and IPTABLES DROP Policy
Configuring IPTABLES on my RH7.1 Router and want to accomplish the following...
- Keep WAN card "Locked Down" to only accept SSH connections (-A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT) and DHCP renews from my provider (-A INPUT -p tcp --sport 67 --dport 68 -i eth1 -j ACCEPT).
- Keep LAN card wide open so I can run WU-FTPD/DHCPD/SSH on the LAN (-A INPUT -i eth0 -j ACCEPT)
Found that when I change the INPUT IPTABLES policy to DROP (-P INPUT DROP) I can no longer FTP in from the LAN. Change the Policy to ACCEPT and it works great, but I want the default policy to DROP...
Anyone doing this with success? I am concerned that I may need the KERNEL patch with the IPTABLES update, but not sure - hoping to hear that others out there are doing this combo with success.
Everything is working great besides this, just a little troubling to change the default policy to ACCEPT just to FTP in... Most likely this is due to my lack of knowledge on WU-FTPD - Could it be that the WU-FTPD daemon binds to a certain card/IP?
Last edited by Cpare; 10-23-2001 at 09:27 PM.