Hi,
AleSanchez, the distribution I use is Debian. What I want to do is open the port the FTP server uses (I don't know which port it is), since it is currently blocked by the firewall. But I only want to open it for outgoing connections, not incoming ones. I don't want to allow anyone to connect to my server over FTP.
Port 2082 is a port used by my hosting provider's control panel, and since the firewall was installed I haven't been able to reach it.
Here is what iptables-save gives me:
Code:
internet:/etc# iptables-save
# Generated by iptables-save v1.2.11 on Thu Nov 16 05:24:54 2006
*mangle
:PREROUTING ACCEPT [434321:167694496]
:INPUT ACCEPT [35415:4570166]
:FORWARD ACCEPT [398906:163124330]
:OUTPUT ACCEPT [47267:6044793]
:POSTROUTING ACCEPT [433898:167886609]
COMMIT
# Completed on Thu Nov 16 05:24:54 2006
# Generated by iptables-save v1.2.11 on Thu Nov 16 05:24:54 2006
*filter
:INPUT DROP [1726:154908]
:FORWARD DROP [2:2128]
:OUTPUT DROP [12775:1406890]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.y.y/255.255.255.0 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 5051 -j ACCEPT
-A INPUT -p udp -m udp --dport 5052 -j ACCEPT
-A INPUT -p udp -m udp --dport 5053 -j ACCEPT
-A INPUT -p udp -m udp --dport 5054 -j ACCEPT
-A INPUT -p udp -m udp --dport 5010 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "FIREWALL - SSH: "
-A INPUT -p tcp -m tcp --dport 21 -j LOG --log-prefix "FIREWALL - FTP: "
-A INPUT -p tcp -m tcp --dport 23 -j LOG --log-prefix "FIREWALL - TELNET: "
-A INPUT -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 201.22.95.63 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -m state --state NEW -j ACCEPT
-A FORWARD -p udp -m udp --dport 5051 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5052 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5053 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5054 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5010 -j ACCEPT
-A FORWARD -s 10.50.1.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -s 10.50.2.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -s 10.50.3.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -s 10.50.4.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 1863 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 5190 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 3050 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -s 192.168.y.y/255.255.255.0 -p icmp -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.z.z -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.y.y/255.255.255.0 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -s 201.22.95.63 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
COMMIT
# Completed on Thu Nov 16 05:24:54 2006
# Generated by iptables-save v1.2.11 on Thu Nov 16 05:24:54 2006
*nat
:PREROUTING ACCEPT [49556:2778797]
:POSTROUTING ACCEPT [11271:967641]
:OUTPUT ACCEPT [40886:3435623]
-A PREROUTING -s 10.50.1.0/255.255.255.0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.x.x
-A PREROUTING -s 10.50.2.0/255.255.255.0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.x.x
-A PREROUTING -s 10.50.3.0/255.255.255.0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.x.x
-A PREROUTING -s 10.50.4.0/255.255.255.0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.x.x
-A POSTROUTING -s 192.168.x.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 53 -j SNAT --to-source 200.3.254.x
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 80 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 25 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 110 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 443 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 1863 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 5190 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 3050 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -o eth1 -p tcp -m tcp --dport 8080 -j SNAT --to-source 200.3.254.22
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -p icmp -j MASQUERADE
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -p tcp -m tcp --dport 53 -j MASQUERADE
-A POSTROUTING -s 192.168.y.y/255.255.255.0 -p udp -m udp --dport 53 -j MASQUERADE
-A POSTROUTING -s 192.168.z.z -j MASQUERADE
COMMIT
pablasso, I got to init.d, and this is the file listing, but I don't know what to do there.
Code:
internet:/etc# ls
adduser.conf crontab exim4 inputrc mdadm pam.conf rmt
adjtime cron.weekly fdmount.conf iproute2 mediaprm pam.d rpc
aliases csh.cshrc fstab issue mime.types passwd samba
alternatives csh.login ftpusers issue.net mkinitrd passwd- securetty
apache csh.logout groff kernel-img.conf modprobe.d perl security
apm cups group ldap modules php4 services
apt debconf.conf group- ld.so.cache modules.conf ppp shadow
at.deny debian_version gshadow locale.alias modules.conf.old printcap shadow-
bash.bashrc default gshadow- locale.gen modutils profile shells
bash_completion deluser.conf host.conf localtime motd protocols skel
bash_completion.d dhclient.conf hostname logcheck mtab python2.3 ssh
bind dhclient-script hosts login.defs mtools.conf rc0.d sysctl.conf
calendar dhcp3 hosts.allow logrotate.conf Muttrc rc1.d syslog.conf
chatscripts dictionaries-common hosts.deny logrotate.d mysql rc2.d terminfo
complete.tcsh discover.conf hotplug magic nanorc rc3.d timezone
console discover.conf-2.6 hotplug.d mailcap network rc4.d ucf.conf
console-tools discover.d identd.conf mailcap.order networks rc5.d updatedb.conf
cron.d dpkg identd.key mailname nsswitch.conf rc6.d vsftpd.conf
cron.daily emacs inetd.conf mail.rc openoffice rcS.d w3m
cron.hourly email-addresses init.d manpath.config openvpn reportbug.conf wgetrc
cron.monthly environment inittab mc opt resolv.conf
Thanks in advance for the replies.
Regards
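As an added example (not from the poster or any reply in the thread), this is the outbound-only opening the post asks for, assuming the ruleset quoted above stays in place; the port list and the connection-tracking module names are assumptions, and the script only prints the rules unless run with --apply.

```shell
#!/bin/sh
# Added example, not from the original thread. Opens outbound-only FTP (TCP 21)
# and hosting-panel (TCP 2082) sessions from the firewall host itself, on top
# of the ruleset quoted above: OUTPUT policy DROP plus an existing
# "-m state --state RELATED,ESTABLISHED -j ACCEPT" rule. INPUT is left alone,
# so the default DROP still keeps any FTP daemon on this box unreachable.

OUTBOUND_PORTS="21 2082"

# One OUTPUT rule per port, in iptables command syntax. Matching only NEW
# connections means replies are covered by the existing RELATED,ESTABLISHED
# rule and no inbound rule is needed.
rule_for_port() {
    printf -- '-A OUTPUT -p tcp -m tcp --dport %s -m state --state NEW -j ACCEPT\n' "$1"
}

# Emit the full set of rules (used for review and by apply_outbound_rules).
outbound_rules() {
    for port in $OUTBOUND_PORTS; do
        rule_for_port "$port"
    done
}

# Load the FTP connection-tracking helper. It watches PORT/PASV on the control
# channel and marks the data connection RELATED, so both active and passive
# transfers pass the RELATED,ESTABLISHED rules without extra holes.
# The module is nf_conntrack_ftp on current kernels and ip_conntrack_ftp on
# the 2.4/2.6 kernels Debian shipped in 2006 (assumption about the poster's box).
load_ftp_helper() {
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
}

# Apply the rules with iptables; needs root.
apply_outbound_rules() {
    load_ftp_helper || return 1
    for port in $OUTBOUND_PORTS; do
        # shellcheck disable=SC2046  # the rule text is deliberately word-split
        iptables $(rule_for_port "$port") || return 1
    done
    # Show the result so the new rules can be checked against the chain.
    iptables -L OUTPUT -n -v --line-numbers
}

case "${1:-}" in
    --apply) apply_outbound_rules ;;
    *)       outbound_rules ;;   # dry run: just print the rules
esac
```

Because INPUT is unchanged, the existing `--dport 21 -j LOG` rule keeps logging inbound FTP attempts and the chain's DROP policy keeps rejecting them. FTP sends credentials in clear text, so SFTP over SSH is the better choice where the provider offers it.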