```
-A POSTROUTING -s 10.8.0.0/24 -o tun0 -j MASQUERADE
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # accept all previously established connections
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -i ens3 -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A FORWARD -i tun+ -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ens3 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp --sport 20 --dport 1024: -m state --state NEW -j ACCEPT # THIS LINE - needed to allow PassiveFTP to work properly
-A INPUT -j REJECT --reject-with icmp-port-unreachable # reject all other packets coming into the computer, even from other computers in the local area network
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
```

Last edited by wildmanne39 April 30th, 2020 at 10:34 PM.

As far as I can see, you shouldn't need to do anything special. In this case your Ubuntu machine is the client, trying to send the file. Usually the FW rules are important on the server side, not the client.

In your case, in iptables you allow all outgoing traffic (with the OUTPUT ACCEPT) and there is no rule after that would block the outgoing traffic. The incoming traffic also seems good because you accept all established and related packets to the INPUT chain.

With the iptables rule you mention as necessary you are in fact changing the port from 20 to 1024 so if that is necessary to work you might be opening the connection in a wrong way.
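The reply's point about the `--sport 20` rule, as an added example that is not part of the original thread: a first-match model in Python of the posted INPUT chain, evaluated with and without that rule. Source port 20 is the server end of an active-mode FTP data connection; the packets, their conntrack states and port 8080 are constructed, and the model ignores interface matches.

```python
# Added example: first-match model of the INPUT chain quoted in the thread.
# Not iptables itself; packets and conntrack states below are constructed.
HIGH = range(1024, 65536)
ANY = None

# (label, proto, source ports, destination ports, conntrack states, target)
# Rules in evaluation order, catch-all REJECT last; -i ens3 is ignored here.
INPUT_CHAIN = [
    ("related-established", ANY, ANY, ANY, {"RELATED", "ESTABLISHED"}, "ACCEPT"),
    ("https-new", "tcp", ANY, {443}, {"NEW"}, "ACCEPT"),
    ("openvpn-new", "udp", ANY, {1194}, {"NEW"}, "ACCEPT"),
    ("ftp-control-new", "tcp", ANY, {21}, {"NEW"}, "ACCEPT"),
    ("high-to-high-established", "tcp", HIGH, HIGH, {"ESTABLISHED"}, "ACCEPT"),
    ("sport20-new", "tcp", {20}, HIGH, {"NEW"}, "ACCEPT"),
    ("reject-rest", ANY, ANY, ANY, ANY, "REJECT"),
]

def verdict(chain, pkt):
    """Return (target, label) of the first rule that matches pkt."""
    for label, proto, sports, dports, states, target in chain:
        if proto is not ANY and pkt["proto"] != proto:
            continue
        if sports is not ANY and pkt["sport"] not in sports:
            continue
        if dports is not ANY and pkt["dport"] not in dports:
            continue
        if states is not ANY and pkt["state"] not in states:
            continue
        return target, label
    return "POLICY", "end-of-chain"

def without(chain, label):
    """Copy of chain with the named rule removed."""
    return [rule for rule in chain if rule[0] != label]

def pkt(sport, dport, state, proto="tcp"):
    return {"proto": proto, "sport": sport, "dport": dport, "state": state}

# Active-mode data connection: server port 20 -> client high port.
data_untracked = pkt(20, 50000, "NEW")      # no FTP conntrack helper in use
data_tracked = pkt(20, 50000, "RELATED")    # helper saw the PORT command
# Constructed: a NEW connection from source port 20 to a non-FTP listener.
other_sport20 = pkt(20, 8080, "NEW")

if __name__ == "__main__":
    trimmed = without(INPUT_CHAIN, "sport20-new")
    for p in (data_untracked, data_tracked, other_sport20):
        print(p, verdict(INPUT_CHAIN, p), verdict(trimmed, p))
```

The rule matches on source port alone, so it also accepts the non-FTP connection. With it removed, the data connection is accepted only when conntrack classifies it as RELATED, which requires the FTP conntrack helper (`nf_conntrack_ftp`) to be tracking the control connection.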