[Zope] zope ftp & firewall setup

Davis Marques <dmm@machinic.net>
Mon, 24 Jun 2002 17:02:35 -0700


hi;

I'm wondering if anyone has experience setting up iptables for Zope FTP
access.  I need to add this service to my machine, but am not sure what
an appropriate set of rules would be.  This is what I have so far:

# Zope FTP (port 8021)

# allow incoming tcp requests to port 8021
/sbin/iptables  -A INPUT  -i $OUTSIDEIF -p tcp \
                --source $ANYWHERE --source-port $UNPRIVILEGED \
                --destination $OUTSIDEIP --destination-port 8021 \
                -j ACCEPT

# allow outgoing tcp packets from 8021
/sbin/iptables  -A OUTPUT -o $OUTSIDEIF -p tcp \
                --source $OUTSIDEIP --source-port 8021 \
                --destination $ANYWHERE --destination-port $UNPRIVILEGED \
                -j ACCEPT



Davis
