iptables firewall/ftp problem
JR
jr at JohnRudnick.com
Fri Jun 4 15:32:22 UTC 2004
Steve, do something like this:
IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
# Load the FTP connection-tracking helper so data connections are tracked as RELATED.
$MODPROBE -v ip_conntrack_ftp
# Allow new inbound FTP control connections (port 21).
$IPTABLES -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
# Allow new outbound FTP control connections.
$IPTABLES -A OUTPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
# Allow new outbound connections to port 20 (ftp-data).
$IPTABLES -A OUTPUT -p tcp --dport 20 -m state --state NEW -j ACCEPT
JR
--
John Rudnick | http://JohnRudnick.com | 847-541-2811
Ask Me About Top Notch Web Hosting & Programming!
RHCE# 808003122507415, MySQL# 206067847
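An added example, not code from either poster, of an FTP-aware ruleset built on the same idea: with ip_conntrack_ftp loaded, the PASV or PORT data connection that fails in Steve's ncftp session is classified as RELATED, so a single ESTABLISHED,RELATED rule admits it without opening the ephemeral port range. The ftp_rules function and the DRY_RUN switch are assumptions of this example; with DRY_RUN=1 the script only prints the commands, so it can be checked without root.

```shell
#!/bin/sh
# Added example: FTP-aware iptables rules using the connection-tracking helper.
# Set DRY_RUN=1 to print the commands instead of applying them.

IPTABLES=${IPTABLES:-/sbin/iptables}
MODPROBE=${MODPROBE:-/sbin/modprobe}

# Run a command, or echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

ftp_rules() {
    # Helper that watches the control channel and marks data connections RELATED.
    run "$MODPROBE" ip_conntrack_ftp
    # Packets belonging to a tracked connection, in both directions. This is the
    # rule that lets PASV and PORT data connections through.
    run "$IPTABLES" -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPTABLES" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New inbound control connections when this host is the FTP server.
    run "$IPTABLES" -A INPUT  -p tcp --dport 21 -m state --state NEW -j ACCEPT
    # New outbound control connections when this host is the FTP client.
    run "$IPTABLES" -A OUTPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
}

# Number of generated rules that accept RELATED traffic (for checking a dry run).
related_rule_count() {
    ( DRY_RUN=1; ftp_rules ) | grep -c 'ESTABLISHED,RELATED'
}

# Apply the rules only when invoked as: sh this_script.sh apply
if [ "${1:-}" = "apply" ]; then
    ftp_rules
fi
```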
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Steve Buehler
Sent: Friday, June 04, 2004 10:22 AM
To: redhat-list at redhat.com
Subject: iptables firewall/ftp problem
I have been trying to learn how to use iptables for a firewall on RHEL 3.x and it seems pretty easy. I have one problem though. When it is set up on two systems, I can't ftp. Here are the firewall rules, from an "iptables -L", that are identical on both machines that should allow ftp from anywhere and all ports open on the local network. This is the first rule in the firewall tables.
ACCEPT tcp -- anywhere anywhere tcp multiport dports ssh,ftp,ftp-data,http,https,smtp,10000
Ftp will connect, but when I try to do an 'ls' in ftp or ncftp, I get:
NcFTP 3.1.7 (Jan 07, 2004) by Mike Gleason (http://www.NcFTP.com/contact/).
Connecting to 192.168.1.3...
(vsFTPd 1.2.1)
Logging in...
Login successful.
Logged in to 192.168.1.3.
ncftp /home/steve > ls
connect failed: No route to host.
Falling back to PORT instead of PASV mode.
Could not accept a data connection: Connection timed out.
List failed.
I have turned passive mode off and passive mode on and get pretty much the same results either way. I can ftp to either server from another Linux box that does NOT have an iptables firewall on it. I have even tried opening both machines up so that anything coming from the internal network of 192.168.1/24 (and 192.168.1.0/24) will allow everything. Still get the same results. The only way that I seem to be able to get it to work at all is if I turn the firewall OFF altogether on at least one of the machines. I know there is something that I must be missing. Any help would be appreciated.
Thanks
Steve