Help me with my Webmin firewall (iptables)?

alyarb

Platinum Member
Jan 25, 2009
2,425
0
76
Hi, I have set up a web/FTP server running Debian with ISPConfig and Webmin. Here is a screenshot of my firewall config as of right now:

http://dl.dropbox.com/u/594924/fw.png

but I'm denied access to my FTP with this config. I need this firewall to be as strict as possible but at least get me to my FTP. Any comments and advice are appreciated.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
I don't think any of those rules should work because you want the destination port to be 21, not the source.
 

alyarb

Ugh, sorry. I'll get back to you.

Thanks
___________________________________


Ok, now that that's fixed... I'm getting the same error. It times out, says my user is ok, but my password is "required," even though I'm connecting with a saved profile that includes the password (client is WinSCP).

When I set the default action to "accept" for the input filter, it connects me right away.

alyarb

I know WinSCP has many capabilities but the profile for this connection is FTP. With or without TLS, I cannot connect with the config in the updated screenshot unless I change the default input behavior of the firewall to "accept."

Same result with other FTP clients/browsers.

mv2devnull

Golden Member
Apr 13, 2010
1,521
154
106
Can you open a terminal session to the machine?
Can you add a LOG rule and somehow read the logs?
What if you open port tcp/22 (the ssh)?
 

alyarb

I can get to a terminal through the vSphere console or from the Webmin command shell.

Not proficient enough in Linux to understand how to add a log rule, or to know what clues I would find in the log (and shouldn't the firewall be logging by default?).

Or do you mean configure a "log packet" rule in the Webmin iptables GUI? Should I do this for all traffic?

Opening port 22 doesn't do anything for FTP, but allows me to connect with the default WinSCP profile, SSH/SFTP. I really need FTP working, though.
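The two checks raised in the thread (match the destination port rather than the source port, and add a LOG rule so drops become visible), as an added example that is not code from any poster. The rulesets are constructed samples in `iptables-save` format, not the poster's actual configuration, and `lint_input_chain` is a hypothetical helper name.

```python
import shlex

# Constructed iptables-save dump: INPUT defaults to DROP and the FTP rule
# matches the source port, the mistake pointed out in the thread.
SAMPLE_BEFORE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 21 -j ACCEPT
COMMIT
"""

# Same constructed ruleset with the port match corrected and a LOG rule appended.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("--sport 21", "--dport 21").replace(
    "COMMIT", '-A INPUT -j LOG --log-prefix "INPUT-DROP: "\nCOMMIT')


def lint_input_chain(dump, service_port=21):
    """Return a list of findings for the INPUT chain of an iptables-save dump."""
    findings, policy, has_log, opens_port = [], None, False, False
    port = str(service_port)
    for line in dump.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]          # chain policy, e.g. DROP
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)               # handles the quoted --log-prefix
        target = tok[tok.index("-j") + 1] if "-j" in tok else None
        if target == "LOG":
            has_log = True
        if target != "ACCEPT":
            continue
        if "--sport" in tok and tok[tok.index("--sport") + 1] == port:
            findings.append(f"source-port match on {port}: clients connect from "
                            f"arbitrary ports, use --dport instead ({line})")
        if "--dport" in tok and tok[tok.index("--dport") + 1] == port:
            opens_port = True
    if policy == "DROP" and not opens_port:
        findings.append(f"policy DROP and no ACCEPT rule with --dport {port}")
    if policy == "DROP" and not has_log:
        findings.append("no LOG rule: packets hitting the DROP policy are not logged")
    return findings


if __name__ == "__main__":
    for name, dump in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, lint_input_chain(dump) or "no findings")
```

On a live host the input would be the output of `iptables-save`, and entries written by a LOG rule appear in the kernel log.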