On December 17, 2003 09:05 pm, Bob Smith wrote:
> Hi. I'm running Red Hat 9 on an internet facing server, and have
> chosen vsftp as the FTP server. The system is firewalled using
> IP tables, and has ports open for FTP service (20 and 21).
>
> Currently I can access the FTP server on the box, but not from the
> Internet. I had the same configuration when I was building the local
> box on the network and was able to FTP from other machines on my
> local network.
>
> Does anyone have any suggestions on how to make vsftp accessible
> via the Internet? So far my other firewall openings are working for
> the servers they represent, it's just this one.
>
> Any help would be appreciated.
>
> Thanks,
>
> -Bob Smith

Hi Bob,

If you are only opening 20 & 21 then you need to be using active (not passive) ftp. Generally passive is preferred as it uses somewhat random ports to listen on for the data channel. The problem is that you must open a number of ports thru the firewall. Have a look in iptables (netfilter) for an ftp module to use with passive ftp (I think you use the match arg to allow 'related').

From inside your network you are probably using relaxed rules so your machines can access the server via passive ftp.

active vs passive ftp:
http://slacksite.com/other/ftp.html

iptables/netfilter:
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html

hope that helps.
--
Pete Nesbitt, rhce
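
The connection-tracking approach mentioned in the reply above, as an added example that is not part of the original thread: the FTP conntrack helper plus a RELATED match lets passive and active data channels through while only port 21 is opened explicitly. It assumes a default-DROP INPUT chain, an unrestricted OUTPUT chain, the 2.4-era module name `ip_conntrack_ftp`, and a hypothetical dry-run wrapper `run` that prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: stateful iptables rules for an Internet-facing FTP server.
# Assumptions (not from the thread): INPUT policy is DROP, OUTPUT is open,
# FTP control channel is on port 21, kernel ships ip_conntrack_ftp
# (the module is named nf_conntrack_ftp on later kernels).

FTP_PORT=21

# Dry-run by default: print each command. Run with APPLY=1 as root to execute.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

ftp_firewall_rules() {
    # The helper reads PORT/PASV exchanges on the control channel and marks
    # the data connection they announce as RELATED to it.
    run modprobe ip_conntrack_ftp

    # Accept packets belonging to tracked connections, including the
    # RELATED data channels the helper identified.
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the control port is opened for new inbound connections.
    # No inbound rule for port 20: in active mode the server connects
    # out from port 20, and replies arrive as ESTABLISHED traffic.
    run iptables -A INPUT -p tcp --dport "$FTP_PORT" -m state --state NEW -j ACCEPT

    # Caveat: the helper cannot parse an encrypted control channel (FTPS).
    # In that case pin vsftpd's passive range with pasv_min_port and
    # pasv_max_port and open exactly that range instead.
}

ftp_firewall_rules
```

Review the printed commands first, then rerun with `APPLY=1` as root once they match the rest of the rule set.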