
firewall and ftp

Ignacio Rodríguez Arrós
Frequent Advisor

I want to make an FTP connection from one of the PCs on my net, but as I have configured a firewall in Linux, I can't. In the firewall ports 20 and 21 are open, but I can only set up an FTP connection and not get data. Which iptables line must I put in the Linux firewall to permit active FTP?
Alexander Chuzhoy
Honored Contributor

Re: firewall and ftp

also open 21 and 20 udp ports
you need to have in your list the open ports first and the deny rule should come after it...
Steven E. Protter
Exalted Contributor

Re: firewall and ftp

-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT

-A INPUT -i eth0 -p tcp -m tcp --dport 20 -j ACCEPT

in /etc/sysconfig/iptables

if the firewall is not on eth0 adjust that.

save

service iptables restart

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Stuart Browne
Honored Contributor
Solution

Re: firewall and ftp

You've not detailed what sort of firewalling you're doing, whether you're NAT/Masquerading your local connections via a single 'net connection etc..

My guess is that you are.

You'll also need to insert a few new modules:

modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

With those two, all should be happy.
One long-haired git at your service...
Manuel Wolfshant
Trusted Contributor

Re: firewall and ftp

Actually I think it would be better to use:

iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

if still no go, include some lines for the OUTPUT chain too:
iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

this would use stateful filtering and take care of both active and passive FTP.
Of course, these are just raw rules, you might wish to adjust them depending on your setup, to only allow traffic from certain machines, through certain interfaces, and so on.
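The two points made above (load the FTP connection-tracking helper, then let a stateful rule admit the data connections) put together as a complete, applyable ruleset. This is an added example, not code from any poster in this thread; the interface `eth0` and the trusted client subnet `192.168.1.0/24` are assumed values, and the raw-table `CT --helper ftp` rule is there because kernels from 4.7 on no longer attach conntrack helpers automatically, so loading the module alone is not enough on a current system.

```shell
#!/bin/sh
# Added example, not code from the thread: a stateful iptables ruleset for an
# FTP server on this host. Active (PORT) and passive (PASV) data connections
# are admitted as RELATED by the kernel's FTP conntrack helper.
# IFACE and CLIENTS are assumed values; override them via the environment.
IFACE="${IFACE:-eth0}"
CLIENTS="${CLIENTS:-192.168.1.0/24}"

# Load whichever helper modules this kernel provides. On 2.6.22+ the names are
# nf_conntrack_ftp / nf_nat_ftp; ip_conntrack_ftp / ip_nat_ftp are the older
# names used in the thread. Only runs when the script is applied for real.
load_ftp_helper() {
  for m in nf_conntrack_ftp nf_nat_ftp ip_conntrack_ftp ip_nat_ftp; do
    modprobe "$m" 2>/dev/null && echo "loaded $m"
  done
  return 0
}

# Emit the ruleset in iptables-restore format. The raw-table CT rule binds the
# "ftp" helper to the control port explicitly (since Linux 4.7 helpers are not
# auto-assigned, so without it the data connections never become RELATED).
# In the filter table the ESTABLISHED,RELATED accept precedes every DROP, and
# new control connections are limited to the trusted subnet.
ftp_ruleset() {
  cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $IFACE -p tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $IFACE -p tcp -s $CLIENTS --dport 21 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Sanity check (ruleset on stdin): succeed only if the INPUT chain accepts
# ESTABLISHED,RELATED traffic before its first DROP rule. Getting that order
# wrong is the classic cause of "control connection works, no data arrives".
stateful_before_drop() {
  awk '
    /^-A INPUT .*ESTABLISHED,RELATED.*-j ACCEPT/ && !acc  { acc = NR }
    /^-A INPUT .*-j DROP/                        && !drop { drop = NR }
    END { exit !(acc && (!drop || acc < drop)) }
  '
}

if [ "${1:-}" = "apply" ]; then
  load_ftp_helper
  ftp_ruleset | stateful_before_drop || { echo "rule order wrong" >&2; exit 1; }
  ftp_ruleset | iptables-restore
else
  ftp_ruleset   # dry run: print the rules that would be applied
fi
```

Run it without arguments to see the generated rules; `sh ftp-fw.sh apply` (as root) loads the helper, checks the ordering and installs the ruleset. On a distribution that keeps rules in /etc/sysconfig/iptables, the dry-run output can be saved there instead. After a transfer, `conntrack -L` (or /proc/net/nf_conntrack) should show the data connection with the `ftp` helper attached; if it does not, the helper is not bound and the data port is being hit as NEW and dropped.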
Ignacio Rodríguez Arrós
Frequent Advisor

Re: firewall and ftp

Thanks to all, the problem was that ip_nat_ftp wasn't loaded. The 10 points go to Stuart Browne.