[Zope] iptables rules for zope webserver
Bryan Capitano
Bryan@capitanoweb.com
Mon, 2 Dec 2002 08:10:26 -0800
Remember that FTP works by first establishing connections at the specified
ports (8020 and 8021) and then it negotiates new ports for further
transactions. Therefore, you have to accept both ESTABLISHED and RELATED
ports in order to get FTP working through a firewall:
# --dport is only valid with a port-based protocol, so match tcp here
iptables -A INPUT -p tcp -i eth0 --dport 8021 -j ACCEPT
iptables -A INPUT -p all -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
Bryan
> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
> Jianping Zhu
> Sent: Sunday, December 01, 2002 7:52 PM
> To: zope@zope.org
> Subject: [Zope] iptables rules for zope webserver
>
>
>
> I have a Red Hat Linux 7.1 server with a Zope webserver on it. I use
> iptables as a firewall. The following are the iptables rules for Zope:
>
> #===========================================================
> ## Zope
> iptables -A INPUT -i $IFACE -p tcp --dport 8080 -j ACCEPT
>
> # Allow inbound ftp
> iptables -A INPUT -i $IFACE -p tcp --dport 8021 -m state --state \
> NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -o $IFACE -p tcp --sport 8021 -m state --state \
> ESTABLISHED -j ACCEPT
> #=======================================================================
>
> I am trying to use ws_ftp to send files to the Zope server via port 8021
> (in ws_ftp session property->advanced I set the remote port to 8021 and
> checked passive transfers). If I stop iptables, I can connect to Zope via
> ftp (port 8021) and ftp files to Zope. If iptables is on, it can still
> connect to Zope but I cannot see the directories in the remote site text
> field of the ws_ftp window. It seems that it can connect to Zope but
> cannot display the directories in Zope, and I failed to ftp to the Zope
> server. Therefore, I believe the above iptables rules for Zope have a
> problem. How can I fix this problem and let Zope ftp work?
> Any suggestion will be greatly appreciated.
>
> Jianping
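Why the passive directory listing fails under the original rules and what RELATED changes, as an added example that is not part of either message: a toy Python model of the INPUT chain and of connection tracking with an FTP helper. The 227 reply, the client ports, the default DROP policy and all function names are assumptions made for illustration; the model also reflects that netfilter's FTP helper inspects port 21 unless its `ports` module parameter lists other control ports such as 8021.

```python
import re

# Constructed sample: the server's control-channel reply announcing its data port.
PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"
ALL = {"NEW", "ESTABLISHED", "RELATED"}
# (dport or None for any port, accepted states); unmatched packets are dropped (assumed policy).
ORIGINAL = [(8080, ALL), (8021, {"NEW", "ESTABLISHED"})]
STATEFUL = ORIGINAL + [(None, {"ESTABLISHED", "RELATED"})]

def pasv_port(reply):
    """Data port from a 227 reply: the last two numbers are the high and low byte."""
    m = re.match(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    return int(m.group(5)) * 256 + int(m.group(6)) if m else None

class Conntrack:
    """Toy connection tracker with an FTP helper bound to the given control ports."""
    def __init__(self, helper_ports):
        self.helper_ports = set(helper_ports)
        self.flows = set()      # (sport, dport) pairs already accepted
        self.expected = set()   # data ports the helper learned from 227 replies

    def state(self, sport, dport):
        if (sport, dport) in self.flows:
            return "ESTABLISHED"
        return "RELATED" if dport in self.expected else "NEW"

    def control_reply(self, control_port, reply):
        # The helper only parses replies on ports it was told to watch.
        port = pasv_port(reply)
        if control_port in self.helper_ports and port is not None:
            self.expected.add(port)

def inbound(rules, ct, sport, dport):
    """Evaluate one inbound connection attempt against the INPUT rules."""
    st = ct.state(sport, dport)
    for rule_dport, states in rules:
        if rule_dport in (None, dport) and st in states:
            ct.flows.add((sport, dport))
            return "ACCEPT"
    return "DROP"

def passive_listing(rules, helper_ports):
    """Control connection to 8021, then the passive data connection used for LIST."""
    ct = Conntrack(helper_ports)
    control = inbound(rules, ct, 40000, 8021)
    ct.control_reply(8021, PASV_REPLY)
    data = inbound(rules, ct, 40001, pasv_port(PASV_REPLY))
    return control, data
```

`passive_listing(ORIGINAL, {8021})` and `passive_listing(STATEFUL, {21})` both accept the control connection and drop the data connection, which matches the symptom of logging in but seeing no directories; only `passive_listing(STATEFUL, {8021})` accepts both.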