[Zope] iptables rules for zope webserver

Juergen R. Plasser plasser@hexagon.at
Mon, 02 Dec 2002 10:47:54 +0100


From http://www.linuxchix.org/content/courses/security/connection_tracking:

> Unlike most networked services, FTP uses two well-known ports, 20 and 21.
> 20 is the port for FTP data, and 21 is the port for FTP control
> information. This makes an extra hole you have to leave in your firewall
> when you're an FTP server. But the real problem comes when you have an
> FTP client behind a firewall.
>

I don't know if Zope uses 8021 (as control port) and 8020 as data port. You
need to create rules for the data port.

Juergen

--On Sunday, 01 December 2002 22:51 -0500 Jianping Zhu
<zjp@arches.uga.edu> wrote:

>
> I have a Red Hat Linux 7.1 server with a Zope webserver on it. I use
> iptables as firewall. The following are the iptables rules for Zope:
>
># ===========================================================
>## Zope
> iptables -A INPUT -i $IFACE -p tcp --dport 8080 -j ACCEPT
>
># Allow inbound ftp
> iptables -A INPUT  -i $IFACE -p tcp --dport 8021 -m state --state \
>  NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -o $IFACE -p tcp --sport 8021 -m state --state \
>  ESTABLISHED -j ACCEPT
># ===========================================================
>
> I am trying to use ws_ftp to send files to the Zope server via port 8021 (in
> the ws_ftp session property->advanced I set the remote port to 8021 and
> checked passive transfers). If I stop iptables, I can connect to Zope via
> ftp (port 8021) and ftp files to Zope. If iptables is on, it can still
> connect to Zope but I cannot see the directories in the remote site text
> field of the ws_ftp windows. It seems that it can connect to Zope but cannot
> display the directories in Zope, and I failed to ftp to the Zope server.
> Therefore, I believe the above iptables rules for Zope have a problem. How
> can I fix this problem and let Zope ftp work?
> Any suggestion will be greatly appreciated.
>
> Jianping



-- 
 __  DI Jürgen R. Plasser   * *** ***** ****** *********  plasser@hexagon.at
/  \ HEXAGON EDV-Dienstleistungen |  A-4221 Steyregg | Weissenwolffstraße 14
\__/ www.hexagon.at | info@hexagon.at | Internet | ASP | Security | Software

Computer science is no more about Computers, than astronomy is about
telescopes. (Dijkstra)
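
Added example, not part of the original message: a shell script showing why a rule for port 8021 alone does not cover a passive transfer, and the connection-tracking rules that do. It assumes a 2.4 kernel (module ip_conntrack_ftp), eth0 as a stand-in for $IFACE, and that Zope announces an unprivileged data port; the run and pasv_port helpers and the sample 227 reply are constructed for illustration.

```shell
#!/bin/sh
# Added example. Port 8021 and $IFACE come from the original post; eth0 and
# the sample 227 reply below are constructed.
IFACE="${IFACE:-eth0}"
CTRL=8021

# Dry run by default: print each command. Run with APPLY=1 as root to execute.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi; }

# Print the data port a server announces in its passive-mode reply:
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" means port p1*256+p2.
# Returns 1 for any line that is not a well-formed 227 reply.
pasv_port() {
    ports=$(printf '%s\n' "$1" | sed -n \
        's/^227 .*([0-9]*,[0-9]*,[0-9]*,[0-9]*,\([0-9]*\),\([0-9]*\)).*$/\1 \2/p')
    set -- $ports
    [ $# -eq 2 ] || return 1
    echo $(( $1 * 256 + $2 ))
}

zope_ftp_rules() {
    # Make the FTP conntrack helper watch 8021 as well as 21, so it reads the
    # 227 reply and marks the announced data connection as RELATED.
    # (Module name on 2.4 kernels; later kernels call it nf_conntrack_ftp.)
    run modprobe ip_conntrack_ftp ports=21,$CTRL
    # Control channel, as in the original rules.
    run iptables -A INPUT  -i "$IFACE" -p tcp --dport $CTRL \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -o "$IFACE" -p tcp --sport $CTRL \
        -m state --state ESTABLISHED -j ACCEPT
    # Passive data channel: no NEW here, only connections the helper expects.
    run iptables -A INPUT  -i "$IFACE" -p tcp --dport 1024:65535 \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -o "$IFACE" -p tcp --sport 1024:65535 \
        -m state --state ESTABLISHED -j ACCEPT
}

# Constructed reply: the data port differs from 8021 and changes per transfer,
# which is why the directory listing stalls while the login succeeds.
pasv_port '227 Entering Passive Mode (192,0,2,10,19,137)'
zope_ftp_rules
```

Load the module before the FTP session starts; a control connection that was already open when the helper was loaded is not inspected.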