Re: I need iptables ftp nat help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 08/23/2018 09:06 PM, Todd Chester wrote:



On 08/23/2018 12:14 PM, Mike Wright wrote:

On 08/23/2018 11:50 AM, ToddAndMargo wrote:

On 08/23/2018 11:41 AM, Mike Wright wrote:

On 08/23/2018 11:23 AM, ToddAndMargo wrote:


Just ftp client and I want to support both active and passive mode



This covers both:

http://www.devops-blog.net/iptables/iptables-settings-for-outgoing-ftp

:m


Hi Mike,

That is a description of what is happening.

I am looking for Fedora specific iptables instructions.
iptables rules are processed by the kernel.  They are distribution agnostic. 

:m


Yippee!!

I still the directions.  What worked on RHEL, does not
work on Fedora, so what am I doing wrong?
My *hunch* is that you are running firewalld and that the default rules for firewalld changed between RHEL and fedora. Mind you, beneath firewalld lies, you guessed it, iptables. 

Execute:

  firewall-cmd --state
  echo $?
If the result is 0 you are running firewalld. Anything else, you're dealing directly with iptables. Regardless, you can always manually insert and delete rules using /sbin/iptables.
The iptables rules in the link that I referred to above can be inserted into the kernel by taking each of the rules, in order, and preceding them with /sbin/iptables (iptables being the name of the program that parses the rules and inserts/deletes/etc them). 

e.g. /sbin/iptables -A INPUT -p tcp ...
But before you do that - iptables processes rules in the order they are listed. To prevent time wasting by adding (that's what the -A does) your rules to the end of the list where you may have already been blocked use "-I 1" which will insert your rule(s) before any other rules in the chains (groups of rules such as INPUT, OUTPUT, PREROUTING, etc).
If you are running firewalld and inserting those rules allows FTP to work ask again on the list for help with firewalld. 

Best,
:m
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/JYEXLCDIFMIX5R7ISBC5Y6DHFC4O33MF/
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux