<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=text/html;charset=koi8-r http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16385"></HEAD>
<BODY style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
id=MailContainerBody leftMargin=0 topMargin=0 CanvasTabStop="true"
name="Compose message area">
<DIV><FONT face=Calibri>Hi everyone, can someone help me, please?</FONT></DIV>
<DIV><FONT face=Calibri>I have CentOS 5.5 as a gateway with Squid+HAVP as the
proxy</FONT></DIV>
<DIV><FONT face=Calibri>eth0 --internet (192.168.178. adsl router) </FONT></DIV>
<DIV><FONT face=Calibri>eth1 -- lan (192.168.2.1)</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>So the proxy works and iptables too, ping works,
etc. Now I am trying to access the hosting provider from a client PC with
FileZilla (without success) </FONT></DIV>
<DIV><FONT face=Calibri>Here is my iptables config:</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Modules:<PRE>modprobe ip_conntrack_ftp
modprobe ip_nat_ftp</PRE></FONT></DIV>
<DIV><FONT face=Calibri>are loaded as well</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri># Generated by iptables-save v1.3.5 on Wed Apr 20
03:16:17 2011<BR></FONT><FONT face=Calibri>*nat<BR>:PREROUTING ACCEPT
[13:1184]<BR>:POSTROUTING ACCEPT [1:172]<BR>:OUTPUT ACCEPT [1:172]<BR>-A
POSTROUTING -o eth0 -j MASQUERADE <BR>COMMIT<BR># Completed on Wed Apr 20
03:16:17 2011<BR># Generated by iptables-save v1.3.5 on Wed Apr 20 03:16:17
2011<BR>*mangle<BR>:PREROUTING ACCEPT [453:35320]<BR>:INPUT ACCEPT
[453:35320]<BR>:FORWARD ACCEPT [0:0]<BR>:OUTPUT ACCEPT
[342:49808]<BR>:POSTROUTING ACCEPT [342:49808]<BR>COMMIT<BR>#1 Completed on Wed
Apr 20 03:16:17 2011<BR># Generated by iptables-save v1.3.5 on Wed Apr 20
03:16:17 2011<BR>*filter<BR>:INPUT DROP [0:0]<BR>:FORWARD DROP [0:0]<BR>:OUTPUT
ACCEPT [342:49808]<BR>:RH-Firewall-1-INPUT - [0:0]<BR>-A INPUT -j
RH-Firewall-1-INPUT <BR>-A FORWARD -j RH-Firewall-1-INPUT </FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>-A RH-Firewall-1-INPUT -i lo -j ACCEPT <BR>-A
RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT <BR>-A
RH-Firewall-1-INPUT -p esp -j ACCEPT <BR>-A RH-Firewall-1-INPUT -p ah -j ACCEPT
<BR>-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
<BR>#DNS<BR>-A RH-Firewall-1-INPUT -i eth1 -m tcp -p tcp --dport 53 -j
ACCEPT<BR>-A RH-Firewall-1-INPUT -i eth1 -m udp -p udp --dport 53 -j
ACCEPT<BR>-A RH-Firewall-1-INPUT -i eth0 -p udp -s 192.168.178.1 --sport
53 -j ACCEPT<BR>-A RH-Firewall-1-INPUT -i eth0 -p tcp -s 192.168.178.1
--sport 53 -j ACCEPT<BR>#PRINTING<BR>-A RH-Firewall-1-INPUT -i eth1 -p udp -m
udp --dport 631 -j ACCEPT <BR>-A RH-Firewall-1-INPUT -i eth1 -p tcp -m tcp
--dport 631 -j ACCEPT <BR>#Rules for connect to router<BR>#-A
RH-Firewall-1-FORWARD -i eth1 -d 192.168.178.1 -m state --state NEW,ESTABLISHED
-j ACCEPT<BR>#-A RH-Firewall-1-FORWARD -i eth0 -d 192.168.2.0/24 -m state
--state ESTABLISHED -j ACCEPT<BR>#-A RH-Firewall-1-INPUT -m state --state
RELATED,ESTABLISHED -j ACCEPT <BR>#-A RH-Firewall-1-INPUT -p tcp -m state
--state NEW -m tcp --dport 10000 -j ACCEPT </FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>#SQUID<BR>-A RH-Firewall-1-INPUT -i eth1 -p tcp -m state
--state NEW,RELATED,ESTABLISHED -m tcp --dport 3128 -j ACCEPT <BR>-A
RH-Firewall-1-INPUT -i eth1 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m
tcp --dport 8080 -j ACCEPT</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>#VNC<BR>-A RH-Firewall-1-INPUT -i eth1 -p tcp -m state
--state NEW,ESTABLISHED -m tcp --dport 5900 -j ACCEPT <BR>-A RH-Firewall-1-INPUT
-i eth0 -p tcp -m state --state ESTABLISHED,RELATED -m tcp --sport 80 -j
ACCEPT<BR>#HTTPS<BR>-A RH-Firewall-1-INPUT -i eth0 -p tcp -m state --state
ESTABLISHED,RELATED -m tcp --sport 443 -j ACCEPT<BR>#SSH<BR>-A
RH-Firewall-1-INPUT -i eth1 -s 192.168.2.0/24 -m state --state
ESTABLISHED,NEW,RELATED -p tcp --dport 22 -j ACCEPT<BR>#WEBMIN<BR>-A
RH-Firewall-1-INPUT -i eth1 -s 192.168.2.0/24 -p tcp -m state --state
NEW,ESTABLISHED,RELATED -m tcp --dport 10000 -j ACCEPT<BR>#FTP<BR>-A
RH-Firewall-1-INPUT -i eth1 -s 192.168.2.0/24 -m state --state
ESTABLISHED,NEW,RELATED -p tcp --dport 21 -j ACCEPT<BR>-A RH-Firewall-1-INPUT -i
eth0 -m state --state ESTABLISHED,RELATED -p tcp --sport 21 -j ACCEPT
<BR>#Allow active<BR>-A RH-Firewall-1-INPUT -i eth1 -s 192.168.2.0/24 -m state
--state ESTABLISHED,NEW,RELATED -p tcp --dport 20 -j ACCEPT<BR>-A
RH-Firewall-1-INPUT -i eth0 -m state --state ESTABLISHED,RELATED -p tcp
--sport 20 -j ACCEPT<BR>#Allow passive FTP<BR>-A RH-Firewall-1-INPUT -i eth1 -s
192.168.2.0/24 -m state --state ESTABLISHED,NEW,RELATED -p tcp --dport 1024 -j
ACCEPT<BR>-A RH-Firewall-1-INPUT -i eth0 -m state --state
ESTABLISHED,RELATED -p tcp --sport 1024 -j ACCEPT<BR>#log end <BR>-A
RH-Firewall-1-INPUT -i eth1 -j LOG --log-level debug --log-prefix "EHT1
-FROM LAN "<BR>-A RH-Firewall-1-INPUT -i eth0 -j LOG
--log-level debug --log-prefix "EHT0 -From INTERNET "<BR>-A
RH-Firewall-1-INPUT -j DROP<BR>COMMIT<BR># Completed on Wed Apr 20 03:16:17
2011<BR></FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Thanks, Evgenij</FONT></DIV>
<DIV><FONT face=Calibri>&nbsp;</FONT></DIV></BODY></HTML>