From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nsemenov@instep.spb.ru>
Date: Fri, 4 Jun 2004 12:43:19 +0400
From: Nikita Semenov <nsemenov@instep.spb.ru>
X-Mailer: The Bat! (v2.10.03) Personal
Organization: InterStep
X-Priority: 3 (Normal)
Message-ID: <39417481.20040604124319@instep.spb.ru>
To: "Community@altlinux.ru" <community@altlinux.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-Spam-Processed: instep.spb.ru, Fri, 04 Jun 2004 12:41:06 +0400
	(not processed: message from valid local sender)
X-MDRemoteIP: 192.168.1.189
X-Return-Path: nsemenov@instep.spb.ru
X-MDaemon-Deliver-To: community@altlinux.ru
Subject: [Comm] iptables+ftp
X-BeenThere: community@altlinux.ru
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: community@altlinux.ru
List-Id: Mailing list for ALT Linux users <community.altlinux.ru>
List-Unsubscribe: <https://lists.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=unsubscribe>
List-Archive: <http://lists.altlinux.ru/pipermail/community>
List-Post: <mailto:community@altlinux.ru>
List-Help: <mailto:community-request@altlinux.ru?subject=help>
List-Subscribe: <https://lists.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=subscribe>
X-List-Received-Date: Fri, 04 Jun 2004 08:43:58 -0000
Archived-At: <http://lore.altlinux.org/community/39417481.20040604124319@instep.spb.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

Здравствуйте. Второй день бъюсь, туплю, не могу открыть ftp. Вот
iptables:

#!/bin/bash

INET_IP="195.144.253.5"
INET_IFACE="eth0"
LO_IFACE="lo"
LO_IP="127.0.0.1"
IPTABLES="/sbin/iptables"

#Flash All rules
$IPTABLES -F
$IPTABLES -X

#Policies
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

#Specified chains creation
$IPTABLES -N inet
$IPTABLES -A INPUT -i $INET_IFACE -j inet

#loopback paranoia
$IPTABLES -A INPUT -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -i lo -s \! localhost/8 -j REJECT
$IPTABLES -A INPUT -s localhost -j ACCEPT

#Restrictive rules
$IPTABLES -A inet -p tcp --tcp-flags ALL SYN --dport ssh -j ACCEPT
$IPTABLES -A inet -p udp                     --dport ssh -j ACCEPT
$IPTABLES -A inet -p udp                     --dport domain -j ACCEPT
$IPTABLES -A inet -p udp                     --sport domain -j ACCEPT
$IPTABLES -A inet -p tcp                     --dport domain -j ACCEPT
$IPTABLES -A inet -p tcp                     --sport domain -j ACCEPT
$IPTABLES -A inet -p tcp                     --dport http -j ACCEPT
$IPTABLES -A inet -p udp                     --dport ntp -j ACCEPT
$IPTABLES -A inet -p tcp                     --dport 21 -j ACCEPT
$IPTABLES -A inet -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

#Kill other udp
$IPTABLES -A inet -p udp -d $INET_IP -j REJECT

#Kill other tcp
$IPTABLES -A inet -p tcp --tcp-flags ALL SYN -d $INET_IP -j REJECT


Что не так делаю? Заранее спасибо.
-- 
Best regards,
Nikita Semenov
System Administrator
InterStep
+7(812)324-8020
nikita@inter-step.ru
ICQ: 3939833