ftp problem




On 12/1/05, James Pifer <jep@xxxxxxxxxxxxxxxx> wrote:
> I have a server that is running iptables. I'm trying to allow vsftpd in
> and have the following rules. I can connect to it, but when I try to do
> a listing it says "Entering Passive Mode" but doesn't do anything.
>
> Any suggestions?
>
> Thanks,
> James
>
> # define it
> -N FTP_INP
> -A INPUT -p tcp --syn --sport 1024: --dport 21 -m state --state NEW -j FTP_INP
>
> # rules
> -A FTP_INP -j ACCEPT
>
> # go back
> -A FTP_INP -j RETURN
>
> -N FTP_OUT
> -A OUTPUT -p tcp --sport 1024: --dport 21 -m state --state NEW -j FTP_OUT
> -A FTP_OUT -j ACCEPT
> -A FTP_OUT -j RETURN


A few things for you to investigate:

In your vsftpd.conf file:
      pasv_max_port
      pasv_min_port

In your /etc/sysconfig/iptables-config
      conntrack (connection tracking)

Basically, FTP doesn't stay on port 21. These few things will let you
get it under control and slap it around.
--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center
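
The settings named in the reply above, put together as an added example that is not part of the original thread. The port range 50000-50100 is a constructed value, and the module name `ip_conntrack_ftp` is an assumption for 2.6-era CentOS kernels (newer kernels name it `nf_conntrack_ftp`).

```conf
# --- vsftpd.conf: pin passive-mode data connections to a fixed range ---
# 50000-50100 is a constructed example range; choose your own.
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100

# --- /etc/sysconfig/iptables-config: load the FTP connection-tracking helper ---
# Assumed module name for this kernel generation (see lead-in).
IPTABLES_MODULES="ip_conntrack_ftp"

# --- firewall rules, in the same form as the original post ---
-N FTP_INP

# Packets of connections already accepted, plus data connections the
# helper has tied to an existing FTP control session (state RELATED).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Control channel: the only inbound rule the original post had.
-A INPUT -p tcp --syn --sport 1024: --dport 21 -m state --state NEW -j FTP_INP

# Passive data channel: after "Entering Passive Mode" the client opens a
# second connection to a port in the pasv range, not to port 21.
# This explicit rule covers the case where the helper is not loaded or
# cannot read the control channel (for example FTP over TLS).
-A INPUT -p tcp --syn --sport 1024: --dport 50000:50100 -m state --state NEW -j FTP_INP

-A FTP_INP -j ACCEPT

# Only needed if the OUTPUT policy is not ACCEPT: let the server's
# replies on both channels leave the host.
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
```

Keep the pasv range narrow: every port in it is reachable from outside whenever vsftpd is listening for a data connection.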
