On Thu, 2005-07-07 at 16:55 -0700, Dave wrote:
> I just installed CentOS4 on my main server. It runs proftpd and is not NATted..
>
> When I did the install I said to allow FTP and HTTP. I can ftp from
> windows dos ftp client.
>
> In IE I get "Unable to build data connection: No route to host"
>
> ncftp I get..
> Data connection timed out.
> Falling back to PORT instead of PASV mode.
> List failed.
>
> Wget and FireFox just time out.
>
> Anything I need to add to the firewall rules? This is all it has
> related to FTP.
> -A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT

These 2 will allow you to connect to port 80 ... if you are running httpd:

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Here are the differences between passive mode and active mode FTP ... and why passive mode is probably best to set up on your server.

http://slacksite.com/other/ftp.html

You will need to allow the passive mode ftp ports you pick in as well ... if you picked 22222 to 22232 (you would need to set up your ftp server for passive mode ftp), then this should work:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22222:22232 -j ACCEPT
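
Added example (not part of the original message): a Python check of why a passive-mode data connection is dropped under the original rules and admitted once the 22222:22232 rule is present. The rule text and the 227 reply are constructed samples, the function names are hypothetical, and it assumes the data connection is matched as NEW, as the rules in the message do.

```python
import re

# Constructed sample rules in the iptables-save style used in the message above.
RULES_BEFORE = """\
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
"""
RULES_AFTER = RULES_BEFORE + (
    "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp "
    "--dport 22222:22232 -j ACCEPT\n"
)

def accepted_new_tcp_ports(rules):
    """Return (low, high) port ranges that ACCEPT rules open to NEW tcp connections."""
    ranges = []
    for line in rules.splitlines():
        tokens = line.split()
        if "-j" not in tokens or tokens[tokens.index("-j") + 1] != "ACCEPT":
            continue
        if "--dport" not in tokens or "tcp" not in tokens or "--state" not in tokens:
            continue
        states = tokens[tokens.index("--state") + 1].split(",")
        if "NEW" not in states:
            continue
        # --dport takes either a single port or a low:high range.
        low, _, high = tokens[tokens.index("--dport") + 1].partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges

def pasv_port(reply):
    """Extract the data port from a 227 reply: port = p1 * 256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a PASV reply: %r" % reply)
    return int(m.group(5)) * 256 + int(m.group(6))

def data_connection_allowed(rules, reply):
    """True if the port announced in the PASV reply falls in an accepted range."""
    port = pasv_port(reply)
    return any(low <= port <= high for low, high in accepted_new_tcp_ports(rules))

# Constructed reply: 86 * 256 + 210 = 22226, inside the 22222-22232 range.
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,86,210)."

if __name__ == "__main__":
    print("before:", data_connection_allowed(RULES_BEFORE, SAMPLE_REPLY))
    print("after: ", data_connection_allowed(RULES_AFTER, SAMPLE_REPLY))
```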