On 12/11/06, Troy Knabe <knabe@xxxxxxxxxxx> wrote:
Thanks to everyone who responded. When you do an ls or dir on a remote host, it creates a "new" connection back to the server, so it is not persistent. It appears to be grabbing a random port in the 53*** area.
Such is the nature of the FTP protocol.
Is there syntax in iptables to allow all ports from a host over port 1024?
Try "iptables -A INPUT -p tcp -s A.B.C.D/255.255.255.255 --dport 1024:65535 -j ACCEPT"
I also had to issue the *passive* command once connected before I could run an ls or dir.
"passive" indicates that the FTP client initiates the data connection to the server, while using "active" mode (normally the default) the FTP server initiates the data connection back to the client (which can present problems if there is a firewall active).

-j

--
Jeremy L. Gaddis, MCP, GCWN
http://www.linuxwiz.net/

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
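As an added example (not code from either poster), a small Python helper showing the two data-connection setups the reply describes: parsing the server's passive-mode 227 reply to find the ephemeral port it chose (the "random port in the 53*** area"), building the PORT command a client sends in active mode, and checking whether that port falls inside the 1024:65535 range opened by the iptables rule above. The addresses and ports are constructed sample values.

```python
import re

# FTP encodes host and port as six comma-separated bytes: h1,h2,h3,h4,p1,p2
# with port = p1 * 256 + p2 (same encoding in the 227 reply and in PORT).
_HOSTPORT_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply: str) -> tuple[str, int]:
    """Parse a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply.

    Returns (host, port) the client must connect out to for the data channel.
    """
    if not reply.startswith("227"):
        raise ValueError(f"not a passive-mode reply: {reply!r}")
    m = _HOSTPORT_RE.search(reply)
    if m is None:
        raise ValueError(f"no (h1,h2,h3,h4,p1,p2) tuple in reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"byte out of range in reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def build_port_command(host: str, port: int) -> str:
    """Build the active-mode PORT command: the client tells the server
    which client address/port to connect back to for the data channel."""
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {host!r}")
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return f"PORT {','.join(octets)},{port // 256},{port % 256}"


def allowed_by_rule(port: int, low: int = 1024, high: int = 65535) -> bool:
    """True if the data port falls inside the --dport low:high range
    that the iptables rule in the thread opens for the FTP peer."""
    return low <= port <= high


if __name__ == "__main__":
    # Constructed sample 227 reply; 207*256 + 48 = 53040, a "53***" port.
    host, port = parse_pasv("227 Entering Passive Mode (192,0,2,10,207,48).")
    print(host, port, allowed_by_rule(port))
    print(build_port_command("192.0.2.25", 53040))
```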