<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=KOI8-R" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Kharitonov A. Dmitry ÐÉÛÅÔ:
<blockquote cite="mid:49246D59.9070802@rambler.ru" type="cite">[user@SERVER
~]$ sudo lsmod | egrep "ftp|ipt"
<br>
ipt_MASQUERADEššššššššš 7808š 1
<br>
ipt_REJECTššššššššššššš 9472š 705
<br>
iptable_mangleššššššššš 7040š 0
<br>
iptable_natššššššššššš 11652š 1
<br>
iptable_filterššššššššš 7168š 1
<br>
ip_tablesššššššššššššš 17604š 3
iptable_mangle,iptable_nat,iptable_filter
<br>
ipt_REDIRECTššššššššššš 6272š 0
<br>
ipt_LOGššššššššššššššš 10496š 0
<br>
x_tablesšššššššššššššš 18180š 8
xt_state,xt_tcpudp,ipt_MASQUERADE,ipt_REJECT,iptable_nat,ip_tables,ipt_REDIRECT,ipt_LOG
<br>
ip_nat_ftpššššššššššššš 7680š 0
<br>
ip_natšššššššššššššššš 22060š 4
ipt_MASQUERADE,iptable_nat,ipt_REDIRECT,ip_nat_ftp
<br>
ip_conntrack_ftpšššššš 12016š 1 ip_nat_ftp
<br>
ip_conntrackšššššššššš 56800š 6
xt_state,ipt_MASQUERADE,iptable_nat,ip_nat_ftp,ip_nat,ip_conntrack_ftp
<br>
<br>
ÄÅÌÁÀ
<br>
-A INPUT -i wan -p tcp -m tcp --sport 20 ! --tcp-flags FIN,SYN,RST,ACK
SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
<br>
-A INPUT -i wan -p tcp -m tcp --sport 21 ! --tcp-flags FIN,SYN,RST,ACK
SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
<br>
-A OUTPUT -o wan -p tcp -m tcp --dport 20 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
<br>
-A OUTPUT -o wan -p tcp -m tcp --dport 21 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
<br>
<br>
ÚÁÐÕÓËÁÀ firefox
<br>
ERROR
<br>
The requested URL could not be retrieved
<br>
<br>
An FTP protocol error occurred while trying to retrieve the URL:
<a class="moz-txt-link-freetext" href="ftp://ftp.altlinux.org/pub/distributions/">ftp://ftp.altlinux.org/pub/distributions/</a>
<a class="moz-txt-link-rfc2396E" href="ftp://ftp.altlinux.org/pub/distributions/OpenMusic/"><ftp://ftp.altlinux.org/pub/distributions/OpenMusic/></a>
<br>
<br>
Squid sent the following FTP command:*
<br>
*NLST
<br>
**and then received this reply*
<br>
*Use PORT or PASV first.
<br>
Your cache administrator is webmaster <a class="moz-txt-link-rfc2396E" href="mailto:webmaster"><mailto:webmaster></a>.
<br>
Generated Wed, 19 Nov 2008 23:35:09 GMT by server.dimahost
(squid/2.6.STABLE13)
<br>
<br>
ÄÅÌÁÀ
<br>
-A INPUT -i wan -p tcp -m tcp --sport 20 ! --tcp-flags FIN,SYN,RST,ACK
SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
<br>
-A INPUT -i wan -p tcp -m tcp --sport 21 ! --tcp-flags FIN,SYN,RST,ACK
SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
<br>
-A INPUT -i wan -p tcp -m tcp --sport 1024:65535 ! --tcp-flags
FIN,SYN,RST,ACK SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
<br>
-A OUTPUT -o wan -p tcp -m tcp --dport 20 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
<br>
-A OUTPUT -o wan -p tcp -m tcp --dport 21 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
<br>
-A OUTPUT -o wan -p tcp -m tcp --dport 1024:65535 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
<br>
<br>
ÚÁÐÕÓËÁÀ firefox
<br>
÷Ó£ ÎÏÒÍÁÌØÎÏ.
<br>
<br>
ñ, ÔÁË ÐÏÎÉÍÁÀ, ÎÅ ÒÁÂÏÔÁÀÔ
<br>
ip_nat_ftpššššššššššššš 7680š 0
<br>
ip_conntrack_ftpšššššš 12016š 1 ip_nat_ftp
<br>
<br>
<br>
ëÔÏ ÍÎÅ ÒÁÚßÅÓÎÉÔ: ÜÔÏ ÆÉÞÁ ÉÌÉ ÂÁÇ?
<br>
<br>
_______________________________________________
<br>
Sysadmins mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Sysadmins@lists.altlinux.org">Sysadmins@lists.altlinux.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.altlinux.org/mailman/listinfo/sysadmins">https://lists.altlinux.org/mailman/listinfo/sysadmins</a>
<br>
<br>
</blockquote>
ôÏÌØËÏ ×ÞÅÒÁ ÚÁÎÉÍÁÌÓÑ ÎÁÓÔÒÏÊËÏÊ FTP, ×ÏÔ ÐÏ ÜÔÏÊ ÓÔÁÔØÅ
<a class="moz-txt-link-freetext" href="http://www.sys-adm.org.ua/system/ftp-nat.php">http://www.sys-adm.org.ua/system/ftp-nat.php</a><br>
óÄÅÌÁÌ ËÁË ÔÁÍ ÎÁÐÉÓÁÎÏ É ×ÓÅ ÚÁÒÁÂÏÔÁÌÏ, ËÁË × ÐÁÓÓÉ×ÎÏ× ÔÁË É ×
ÁËÔÉ×ÎÏÍ ÒÅÖÉÍÅ<br>
<br>
<div class="moz-signature"><br>
<pre style="font-size: 12px;"><a href="mailto:it@ues.ru"></a>
</pre>
</div>
</body>
</html>