iptables firewall/ftp problem
Steve Buehler
steve at ibapp.com
Fri Jun 4 15:21:34 UTC 2004
I have been trying to learn how to use iptables for a firewall on RHEL 3.x
and it seems pretty easy. I have one problem though. When it is setup on
two systems, I can't ftp. Here are the firewall rules, from an "iptables
-L", that are identical on both machines that should allow ftp from anywhere
and all ports open on the local network. This is the first rule in the
firewall tables.
ACCEPT tcp -- anywhere anywhere tcp multiport dports ssh,ftp,ftp-data,http,https,smtp,10000
Ftp will connect, but when I try to do an 'ls' in ftp or ncftp, I get:
NcFTP 3.1.7 (Jan 07, 2004) by Mike Gleason (http://www.NcFTP.com/contact/).
Connecting to 192.168.1.3...
(vsFTPd 1.2.1)
Logging in...
Login successful.
Logged in to 192.168.1.3.
ncftp /home/steve > ls
connect failed: No route to host.
Falling back to PORT instead of PASV mode.
Could not accept a data connection: Connection timed out.
List failed.
I have turned passive mode off and passive mode on and get pretty much the
same results either way. I can ftp to either server from another linux box
that does NOT have an iptables firewall on it. I have even tried opening
both machines up so that anything coming from the internal network of
192.168.1/24 (and 192.168.1.0/24) will allow everything. Still get the
same results. The only way that I seem to be able to get it to work at all
is if I turn the firewall OFF all together on at least one of the
machines. I know there is something that I must be missing. Any help
would be appreciated.
Thanks
Steve
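The rule quoted above only opens the FTP control ports; both PASV and PORT mode use a second, dynamically numbered data connection that the multiport list never matches, which is what the failed 'ls' shows. The following is an added example (not from the original post): a small sh script that checks an "iptables -L -n" chain dump for a RELATED/ESTABLISHED accept rule and prints the conntrack-based rules (ip_conntrack_ftp, the 2.4-kernel helper used on RHEL 3) that admit FTP data connections without statically opening high ports. The chain text is constructed from the post's own rule.

```shell
#!/bin/sh
# Added example. Passive FTP: the client opens a second connection to a
# random high port chosen by the server. Active (PORT) FTP: the server
# connects back to a random high port on the client. Neither port is in
# "dports ssh,ftp,ftp-data,...", so the data connection is refused on one
# side or the other unless the firewall tracks the control channel and
# accepts the RELATED data connection.

# Rules that fix the problem. The conntrack helper reads PORT/PASV
# commands on port 21 and marks the resulting data connection RELATED.
ftp_firewall_rules() {
    cat <<'EOF'
modprobe ip_conntrack_ftp
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports ssh,ftp,ftp-data,http,https,smtp,10000 -j ACCEPT
EOF
}

# Check a chain dump (text of "iptables -L -n") for an ACCEPT rule that
# matches state RELATED. Returns 0 when present, 1 when missing.
has_related_accept() {
    printf '%s\n' "$1" | grep -q 'ACCEPT.*state.*RELATED'
}

# Constructed sample: the INPUT chain from the post, as "iptables -L -n"
# would print it (port names resolved to numbers).
POSTED_CHAIN='ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp multiport dports 22,21,20,80,443,25,10000'

if has_related_accept "$POSTED_CHAIN"; then
    echo "RELATED/ESTABLISHED rule present: FTP data connections admitted via conntrack"
else
    echo "No RELATED/ESTABLISHED rule: FTP data channel will be blocked. Suggested rules:"
    ftp_firewall_rules
fi
```

Run it against a saved `iptables -L -n` dump from each machine; the same check applies on both ends because PASV is blocked by the server's firewall and PORT by the client's.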