So I have difficulties with my iptables in my virtual machine with Linux. Basically what I want to achieve is to one-way block FTP access for 1 client connected on the network. With that I mean: Client 1 can connect to the server, but not receive any files... Or just block the connect, so the client cannot access the server anyway, whichever would work.

I don't want to use stateful filtering, just as basic iptables as possible. From Googling a lot, I simply cannot get my rules to work.. :( This is what I got so far that does not work.

This is the setup I have:

Client 1                   Server               
  [X]-----ftp,ping-----------[O]
 .118                       .207          

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p 192.168.1.118 -p tcp -i eth0 --dport 20 -j ACCEPT
iptables -A INPUT -p 192.168.1.118 -p tcp -i eth0 --dport 21 -j ACCEPT

iptables -A OUTPUT-p 192.168.1.118 -p tcp -o eth0 --dport 5000:50000 -j ACCEPT
iptables -A OUTPUT-p 192.168.1.118 -p tcp -i eth0 --sport 5000:50000 -j ACCEPT

So the ping should work from and to 192.168.1.118, and the FTP (connecting and receiving), but other clients are affected and denied access to the FTP. I'm not sure how I am going to solve these rules.. Do you see any obvious faults with the iptables? Would really appreciate some help :)

jabbeboy

1 Answer

I think that you need ! in from the ip you don't want to allow

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -o eth0 --sport 22 -j ACCEPT

# On INPUT the client is the packet's source, so the exclusion is "! -s"
# ("! -d" here would compare against the server's own address)
iptables -A INPUT -p tcp ! -s 192.168.1.118 -i eth0 --dport 20:21 -j ACCEPT

iptables -A OUTPUT -p tcp ! -d 192.168.1.118 -o eth0 --dport 5000:50000 -j ACCEPT
iptables -A OUTPUT -p tcp ! -d 192.168.1.118 -o eth0 --sport 5000:50000 -j ACCEPT
c4f4t0r
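A complete stateless ruleset along the lines of the answer above, as an added example (not code from the question or the answer), with the INPUT match on "! -s", ICMP allowed so ping works from and to every host, and both active and passive FTP data paths covered. It assumes the values from the post (eth0, blocked client 192.168.1.118, passive ports 5000:50000) and prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: a stateless ruleset
# in the spirit of the answer, with the INPUT match corrected to "! -s"
# (on INPUT the packet's source is the client; "-d" would be the server itself).
# Assumptions taken from the post: server interface eth0, blocked client
# 192.168.1.118, passive data ports 5000:50000, active-mode data from port 20.
# Dry run by default (rules are printed); set APPLY=1 to execute them as root.
BLOCKED=${BLOCKED:-192.168.1.118}
IFACE=${IFACE:-eth0}
PASV=${PASV:-5000:50000}
APPLY=${APPLY:-0}

ipt() {
    if [ "$APPLY" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

ftp_rules() {
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP
    # Loopback, and ICMP both ways so ping works from and to every host
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT -p icmp -i "$IFACE" -j ACCEPT
    ipt -A OUTPUT -p icmp -o "$IFACE" -j ACCEPT
    # Control channel: accept from everyone except the blocked client; with no
    # state tracking the server's replies from port 21 need their own rule
    ipt -A INPUT -p tcp ! -s "$BLOCKED" -i "$IFACE" --dport 21 -j ACCEPT
    ipt -A OUTPUT -p tcp ! -d "$BLOCKED" -o "$IFACE" --sport 21 -j ACCEPT
    # Active mode: the server opens the data connection from port 20
    ipt -A OUTPUT -p tcp ! -d "$BLOCKED" -o "$IFACE" --sport 20 -j ACCEPT
    ipt -A INPUT -p tcp ! -s "$BLOCKED" -i "$IFACE" --dport 20 -j ACCEPT
    # Passive mode: the client connects to a high port on the server
    ipt -A INPUT -p tcp ! -s "$BLOCKED" -i "$IFACE" --dport "$PASV" -j ACCEPT
    ipt -A OUTPUT -p tcp ! -d "$BLOCKED" -o "$IFACE" --sport "$PASV" -j ACCEPT
}

# Sanity check on the generated rules (runs in dry-run mode, no root needed):
# INPUT rules must match the client with -s, OUTPUT rules with -d.
rule_check() {
    out=$(APPLY=0; ftp_rules)
    echo "$out" | grep -q -- '-A INPUT .* -d ' && return 1
    echo "$out" | grep -q -- '-A OUTPUT .* -s ' && return 1
    echo "$out" | grep -q -- "-A INPUT -p tcp ! -s $BLOCKED " || return 1
    echo "$out" | grep -q -- "-A OUTPUT -p tcp ! -d $BLOCKED " || return 1
    return 0
}

ftp_rules
```

Because nothing is stateful, every direction of every flow needs its own ACCEPT, which is why the passive range has to be opened on the server as a whole rather than per connection.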