Setting up a secure VSFTPD server with a script
  Add date: 02/25/2011   Publishing date: 02/25/2011

In practice, the following script can be used to set up a very secure internal FTP server. It can also be used together with Wireshark to understand the difference between VSFTPD's passive and active modes. Taking the machine 192.168.0.18 as an example, the script is as follows:

#!/bin/bash
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z

# enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# load the modules that FTP needs
modprobe ip_conntrack_ftp
modprobe ip_conntrack_tftp
modprobe ip_nat_ftp
modprobe ip_nat_tftp

# to be safer, the OUTPUT default policy is also set to DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD ACCEPT

# open the machine's lo loopback interface; opening it is recommended, otherwise some puzzling problems can appear
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# the rules below are the key to a secure VSFTPD setup; the last two rules let through the server's responses to clients and packets of already established connections. Passive FTP is more complex (six handshakes), so state matching is used here
iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -d 192.168.0.0/24 -p tcp --sport 21 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
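The ip_conntrack_ftp module loaded by the script watches the port 21 control channel for PORT commands and 227 replies and classifies the data connection they announce as RELATED, which is why the two state rules are enough for both active and passive mode. The sketch below is an added example, not part of the original script: it decodes the same announcements so they can be compared with a Wireshark capture. The function name ftp_data_endpoint and the sample control lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode the data-channel endpoint announced on the FTP
# control channel. All sample lines are constructed, not captured traffic.

# Prints "<mode> <ip> <port>" for a PORT command (active mode) or a
# 227 reply (passive mode); returns 1 for any other or malformed line.
# The body runs in a subshell so IFS and variables do not leak out.
ftp_data_endpoint() (
    line=$1
    case $line in
        "PORT "*) mode=active;  nums=${line#PORT } ;;
        "227 "*)  mode=passive; nums=${line#*\(}; nums=${nums%%\)*} ;;
        *) exit 1 ;;
    esac
    nums=$(printf '%s' "$nums" | tr -d '\r ')
    case $nums in
        ''|*[!0-9,]*) exit 1 ;;          # only digits and commas allowed
    esac
    IFS=,
    set -- $nums                          # h1,h2,h3,h4,p1,p2
    [ $# -eq 6 ] || exit 1
    for n in "$@"; do
        case $n in
            ''|0?*|????*) exit 1 ;;       # empty, leading zero, too long
        esac
        [ "$n" -le 255 ] || exit 1
    done
    # The port is sent as two bytes: high byte first, then low byte.
    echo "$mode $1.$2.$3.$4 $(( $5 * 256 + $6 ))"
)

# Constructed control-channel lines for a client at 192.168.0.25 talking
# to the server at 192.168.0.18.
while IFS= read -r l; do
    if ep=$(ftp_data_endpoint "$l"); then
        echo "data connection expected (RELATED): $ep"
    fi
done <<'EOF'
220 FTP server ready
PORT 192,168,0,25,4,1
227 Entering Passive Mode (192,168,0,18,195,80)
226 Transfer complete
EOF
```

In passive mode the announced port (here 50000) is on the server, so without the helper that connection would hit the INPUT DROP policy; in active mode the server connects out from port 20, which the OUTPUT DROP policy would block in the same way.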

