
Set a range of ports in iptables

This post shows how to specify a range of ports in an iptables rules file.

It is quite easy to do.

The task was simple: forward a range of ports to a FileZilla FTP Server on a virtual server running in Proxmox.

To avoid the tedious listing of every port, one rule per port, like this:

-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -d 192.168.1.101/32 -i enp4s0 -p tcp -m tcp --dport 20 -j ACCEPT
-A FORWARD -d 192.168.1.101/32 -i enp4s0 -p tcp -m tcp --dport 21 -j ACCEPT
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 20 -j DNAT --to-destination 192.168.1.101:20
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.1.101:21

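we can specify ranges instead. Note that --dport takes the range as first:last (colon), while --to-destination takes it as first-last (hyphen):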

-A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 45000:46000 -j ACCEPT
-A FORWARD -d 192.168.1.101/32 -i enp4s0 -p tcp -m tcp --dport 20:21 -j ACCEPT
-A FORWARD -d 192.168.1.101/32 -i enp4s0 -p tcp -m tcp --dport 45000:46000 -j ACCEPT
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 192.168.1.101:20-21
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 45000:46000 -j DNAT --to-destination 192.168.1.101:45000-46000
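
An added example, not part of the original post: a small Python check for the range syntax used in the rules above. It flags a --dport range written with a hyphen, a --to-destination range written with a colon, and a --dport range that is rewritten to anything other than the same range. The function names and the sample rules are constructed here, and IPv4 destinations are assumed.

```python
import shlex


def span(text, sep):
    """Parse 'N' or 'N<sep>M' into an inclusive (first, last) port pair."""
    first, _, last = text.partition(sep)
    return int(first), int(last or first)


def lint_dnat_ranges(rules):
    """Return (line number, message) for DNAT rules with range problems."""
    findings = []
    for n, line in enumerate(rules.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        if "--dport" not in tok or "--to-destination" not in tok:
            continue  # not a DNAT rule that matches on destination port
        dport = tok[tok.index("--dport") + 1]
        # Everything after "address:" (assumes an IPv4 destination).
        ports = tok[tok.index("--to-destination") + 1].partition(":")[2]
        if "-" in dport:
            findings.append((n, "--dport range must be written first:last"))
        elif ":" in ports:
            findings.append((n, "--to-destination range must be written first-last"))
        elif ":" in dport and ports and span(ports, "-") != span(dport, ":"):
            # e.g. 20:21 sent to a single port: both ports land on that one port
            findings.append((n, f"--dport {dport} is rewritten to {ports}"))
    return findings


# Constructed sample rules in iptables-save syntax (not taken from a live host).
SAMPLE = """\
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 192.168.1.101:20
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 192.168.1.101:20-21
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 45000-46000 -j DNAT --to-destination 192.168.1.101:45000-46000
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 45000:46000 -j DNAT --to-destination 192.168.1.101:45000:46000
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 45000:46000 -j DNAT --to-destination 192.168.1.101
"""

if __name__ == "__main__":
    for n, msg in lint_dnat_ranges(SAMPLE):
        print(f"line {n}: {msg}")
```

Run it over the rules file before loading it with iptables-restore; a destination with no port part leaves the ports unchanged and is not flagged.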

Then the rules can be applied and saved:

~ # iptables-restore < iptables_rules_20200710_ftp_filezilla
~ # iptables-save > iptables_rules_20200710_ftp_filezilla

Specifically for FileZilla FTP Server, the same range of ports should be set for passive mode.

Please feel free to ask me any questions.
