vsftp passive mode / iptables issue




I've been struggling with my firewall and getting vsftp to work in 
passive mode.

It seems that everything on this hosting server works just fine without 
the eth0 entry in my iptables except for vsftp in passive. Am I opening 
up too much by adding the eth0 line?

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT                  <---- THIS ENTRY
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 20 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 25 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 110 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 443 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 465 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 587 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 995 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 5561 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

TIA!

John Hinton
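
Added example, not part of the original post: a small first-match evaluator run over a subset of the chain quoted above, showing which rule decides a packet with and without the eth0 line. The packet fields, the sample ports 3306 and 50000, and the helper names are assumptions made for this illustration; it models only the options that appear in the posted rules.

```python
import shlex

# Constructed subset of the chain posted above (iptables-save syntax).
RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 21 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 22 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse(line):
    """Turn one -A line into {option: value}; only options used above are handled."""
    tok = shlex.split(line)
    rule, i = {}, 2  # skip "-A <chain>"
    while i < len(tok):
        if tok[i] in ("-i", "-p", "-j", "--dport", "--state"):
            rule[tok[i]] = tok[i + 1]
        elif tok[i] not in ("-m", "--reject-with"):
            raise ValueError("unsupported option: " + tok[i])
        i += 2  # every option used here takes exactly one argument
    return rule

def matches(rule, pkt):
    """A rule matches only if every condition it states holds for the packet."""
    # pkt["state"] is the conntrack state. Assumption: a passive-mode data
    # connection is RELATED only when the FTP conntrack helper is loaded.
    if "-i" in rule and rule["-i"] != pkt["iface"]:
        return False
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    if "--dport" in rule and int(rule["--dport"]) != pkt["dport"]:
        return False
    if "--state" in rule and pkt["state"] not in rule["--state"].split(","):
        return False
    return True

def verdict(rules_text, pkt):
    """First-match evaluation: return (1-based rule number, target)."""
    for n, line in enumerate(rules_text.strip().splitlines(), 1):
        rule = parse(line)
        if matches(rule, pkt):
            return n, rule["-j"]
    return None, "RETURN"

def without_eth0(rules_text):
    """The same chain with the unconditional eth0 ACCEPT removed."""
    return "\n".join(l for l in rules_text.splitlines() if "-i eth0 " not in l)
```

With the eth0 line present, verdict() returns rule 2 for every packet arriving on eth0, so the per-port rules and the final REJECT are never reached for that interface. With it removed, a NEW connection to an unlisted port falls through to REJECT, and a passive data connection is accepted only when its state is RELATED.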
