I've read most of this, but still have some questions. I tried setting the passive ports above 1024, and that didn't help. The problem lies in the actual attempt to connect. I'm issuing the FTP command, and I'm getting the following time out error:
> ftp: connect :Connection timed out
The iptable rules for ports 20 and 21 are the same syntax as those that open ssh and smtp, among others, but they don't seem to be allowing a connection from the outside world.
Thanks for your time!
-Bob
Pete Nesbitt wrote:
On December 17, 2003 09:05 pm, Bob Smith wrote:
Hi. I'm running Red Hat 9 on an internet facing server, and have chosen vsftp as the FTP server. The system is firewalled using IP tables, and has ports open for FTP service (20 and 21).
Currently I can access the FTP server on the box, but not from the Internet. I had the same configuration when I was building the local box on the network and was able to FTP from other machines on my local network.
Does anyone have any suggestions on how to make vsftp accessible via the Internet? So far my other firewall openings are working for the servers they represent, it's just this one.
Any help would be appreciated.
Thanks,
-Bob Smith
Hi Bob,
If you are only opening 20 & 21 then you need to be using active (not passive) ftp. Generally passive is preferred as it uses somewhat random ports to listen on for the data channel. The problem is that you must open a number of ports thru the firewall. Have a look in iptable (netfilter) for an ftp module to use with passive ftp (I think you use the match arg to allow 'related'). From inside your network you are probably using relaxed rules so your machines can access the server via passive ftp.
active vs passive ftp: http://slacksite.com/other/ftp.html
iptables/netfilter: http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
hope that helps.
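The two firewall approaches discussed in this thread (the netfilter FTP helper with a 'related' match, or a fixed passive port range), sketched as an added example that is not from either poster. It prints the commands by default rather than applying them. Assumptions: the 2.4-kernel module name `ip_conntrack_ftp`, rules appended to the plain `INPUT` chain, and the hypothetical helper names `is_port` and `open_ftp`.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are only
# printed. To apply, run as root with IPT=iptables MODPROBE=modprobe set.
IPT="${IPT:-echo iptables}"
MODPROBE="${MODPROBE:-echo modprobe}"

is_port() {  # true if $1 is an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# open_ftp helper         -> FTP connection-tracking helper + RELATED match
# open_ftp range MIN MAX  -> fixed passive range; MIN/MAX must equal
#                            vsftpd's pasv_min_port / pasv_max_port
open_ftp() {
    case "$1" in
    helper) ;;
    range)
        is_port "$2" && is_port "$3" && [ "$2" -ge 1024 ] && [ "$2" -le "$3" ] || {
            echo "range needs MIN MAX with 1024 <= MIN <= MAX <= 65535" >&2
            return 1
        } ;;
    *)  echo "usage: open_ftp helper | open_ftp range MIN MAX" >&2
        return 2 ;;
    esac

    # Control channel: needed in both modes.
    $IPT -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT

    if [ "$1" = helper ]; then
        # The helper reads PORT/PASV exchanges on the control channel and
        # marks the matching data connection RELATED, so no data port is
        # opened statically. (Module name assumed for a 2.4 kernel.)
        $MODPROBE ip_conntrack_ftp
        $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    else
        # Without the helper, the passive data ports are opened statically.
        $IPT -A INPUT -m state --state ESTABLISHED -j ACCEPT
        $IPT -A INPUT -p tcp --dport "$2:$3" -m state --state NEW -j ACCEPT
    fi
    # -A appends: rules placed after an existing DROP/REJECT never match,
    # so check the order with `iptables -L INPUT -n --line-numbers`.
}
```

Run `open_ftp helper` or `open_ftp range 50000 50100` to review the generated commands; the range values here are constructed and only work if vsftpd is configured with the same range.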