Friday, 6 January 2012

Need to Restrict Ftp on WAN Allow only on LAN


1. Restrict FTP access from the internet (WAN) side: only LAN users can use FTP.
2. Internet clients can only view the HTTP site; FTP must be blocked from the internet.


10.10.10.0/24 is the LAN subnet used below; substitute your own subnet address.
Use this rule to address the FTP issue (new FTP connections are accepted only from the LAN subnet, arriving on the LAN interface eth0):

iptables -I INPUT 1 -p tcp -s 10.10.10.0/24 -m multiport --dport 21 -m state --state NEW -i eth0 -j ACCEPT


Use these rules to address the HTTP issue: they allow users on the internet (WAN interface eth1) to connect to the web server (here 192.168.1.10) on port 80, and drop FTP arriving from the WAN. Note that -I INPUT N inserts at position N, so the rule order is what you see here.

iptables -I INPUT 2 -p tcp -d 192.168.1.10 -m multiport --dport 80 -m state --state NEW -i eth1 -j ACCEPT
iptables -I INPUT 3 -p tcp -d 192.168.1.0/24 -m multiport --dports 21 -i eth1 -j DROP

#This will block ACCESS TO FTP FROM OUTSIDE WORLD
iptables -I INPUT -i <WAN-Interface-name> -p tcp --dport 20 -j DROP
iptables -I INPUT -i <WAN-Interface-name> -p tcp --dport 21 -j DROP

# TO ALLOW ONLY WEB ACCESS FROM OUTSIDE WORLD
iptables -I INPUT -i <WAN-Interface-name> -p tcp --dport 80 -j ACCEPT
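The same policy as one script, added here as an example that is not from the original post: it writes the rules in iptables-restore format so they load atomically and in a fixed order, instead of depending on the position numbers of several separate -I commands. It covers both the case where the FTP/web server is the firewall host itself (INPUT chain) and the case where the firewall routes to a server behind it (FORWARD chain); the original rules only touch INPUT, which never sees forwarded traffic. The interface names eth0/eth1, the LAN subnet and the web server address are assumptions taken from the post's own placeholders, and -m conntrack --ctstate is the current spelling of the post's -m state --state. Blocking port 21 on the WAN is enough to stop FTP sessions, since no data channel can be set up without the control channel; for LAN users, passive and active data channels are only recognised as RELATED when the nf_conntrack_ftp helper is attached to the control connection.

```shell
#!/bin/sh
# Added example, not from the original post: build the policy (FTP only from
# the LAN, only HTTP from the WAN) as one iptables-restore ruleset.
# Interface names, LAN subnet and web server address are assumptions taken
# from the post's placeholders; override them via the environment.
LAN_IF="${LAN_IF:-eth0}"               # LAN-facing interface (assumed)
WAN_IF="${WAN_IF:-eth1}"               # WAN-facing interface (assumed)
LAN_NET="${LAN_NET:-10.10.10.0/24}"    # LAN subnet from the post; use your own
WEB_IP="${WEB_IP:-192.168.1.10}"       # web server address from the post

# Print a complete filter-table ruleset. Arguments: lan_if wan_if lan_net web_ip
gen_ruleset() {
    lan_if=$1; wan_if=$2; lan_net=$3; web_ip=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to existing connections. FTP data channels are classified as
# RELATED only when the nf_conntrack_ftp helper is attached to the control channel.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may initiate anything outbound through the router.
-A FORWARD -i $lan_if -o $wan_if -m conntrack --ctstate NEW -j ACCEPT
# FTP control channel (21): new connections only from the LAN subnet on the
# LAN interface, whether the server is this host (INPUT) or behind it (FORWARD).
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $lan_if -s $lan_net -d $web_ip -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# HTTP (80): accepted from any interface, including the WAN.
-A INPUT -d $web_ip -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -d $web_ip -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# FTP from the WAN: the DROP policy already covers it; the explicit rule keeps
# the intent visible in 'iptables -S' and gives a packet counter to watch.
-A INPUT -i $wan_if -p tcp -m multiport --dports 20,21 -j DROP
-A FORWARD -i $wan_if -p tcp -m multiport --dports 20,21 -j DROP
COMMIT
EOF
}

# Returns 0 when no rule in the generated ruleset accepts FTP on the WAN
# interface, i.e. the policy goal holds on paper before anything is loaded.
check_no_wan_ftp() {
    ! gen_ruleset "$@" | grep -- "-i $2 " | grep -e "dport 21" -e "dports 20,21" | grep -q ACCEPT
}

# With --apply, load the ruleset atomically (requires root); otherwise print it.
if [ "${1-}" = "--apply" ]; then
    check_no_wan_ftp "$LAN_IF" "$WAN_IF" "$LAN_NET" "$WEB_IP" || exit 1
    gen_ruleset "$LAN_IF" "$WAN_IF" "$LAN_NET" "$WEB_IP" | iptables-restore
else
    gen_ruleset "$LAN_IF" "$WAN_IF" "$LAN_NET" "$WEB_IP"
fi
```

Run it without arguments to review the generated ruleset, then with --apply to load it. Afterwards `iptables -S INPUT` and `iptables -S FORWARD` print the rules in the order they are matched, and `iptables -C INPUT -i eth1 -p tcp -m multiport --dports 20,21 -j DROP` exits 0 only if that rule is present. Because both chains default to DROP, any other service the host needs (SSH from the LAN, for instance) has to be added explicitly.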
