HPE Community
Operating System - Linux
1827006 Members
2286 Online
109712 Solutions
New Discussion

which iptables entries are needed for custom ftp service

 
Debbie Fleith
Regular Advisor

‎03-26-2008 01:44 PM

‎03-26-2008 01:44 PM

which iptables entries are needed for custom ftp service

I'm getting "no route to host" erors when trying to send or retrieve files from my new RH 5 Linux system, using a custom ftp service that we implement years ago.

Our /etc/services entries for this ftp service are:
adaftp-data 3020/tcp
adaftp 3021/tcp

Do I need to add both of these tcp ports to my iptables configuration?
0 Kudos
Reply
8 REPLIES 8
slydmin
Advisor

‎03-26-2008 02:28 PM

‎03-26-2008 02:28 PM

Re: which iptables entries are needed for custom ftp service

Could you provide more information?

Assuming the FTP service is on this new RH 5 Linux system, can you ping to this server?

if you are able ssh/consolelogin to the server, do a netstat -ant to make sure ftp is listening on that port 3021.

0 Kudos
Reply
Jeeshan
Honored Contributor

‎03-27-2008 02:06 AM

‎03-27-2008 02:06 AM

Re: which iptables entries are needed for custom ftp service

may be you have no route entry to other hosts.

dont't need to add adaftp-data in iptables. You can add entry of 21 port in iptables.
a warrior never quits
0 Kudos
Reply
skt_skt
Honored Contributor

‎03-27-2008 02:29 AM

‎03-27-2008 02:29 AM

Re: which iptables entries are needed for custom ftp service

disable the IP table if not mandatory. Try and configure/test the normal ftp first and make sure that is working itself.
0 Kudos
Reply
skt_skt
Honored Contributor

‎03-27-2008 02:32 AM

‎03-27-2008 02:32 AM

Re: which iptables entries are needed for custom ftp service

Enabling ftp logging in Linux which can give more verbose information when u look at /var/log/vsftpd.log

â ¢ Update /etc/vsftpd/vsftpd.conf with xferlog_std_format=NO from xferlog_std_format=YES


When enabled, all FTP requests and responses are logged, providing the option xferlog_std_format is not enabled. Useful for debugging.

Default: NO

â ¢ Add log_ftp_protocol=YES at the end of /etc/vsftpd/vsftpd.conf

â ¢ Uncomment xferlog_file=/var/log/vsftpd.log on /etc/vsftpd/vsftpd.conf

Default log file is /var/log/xferlog


â ¢ Restart the vsftpd service


0 Kudos
Reply
Debbie Fleith
Regular Advisor

‎03-27-2008 04:23 AM

‎03-27-2008 04:23 AM

Re: which iptables entries are needed for custom ftp service

Normal vsftpd is working fine. If I disable iptables, I don't have the problem. Yes, I can ping this server and ssh into it.

How do I determine if iptables is mandatory? If this server is going into a LAN that has a firewall already, can I safely keep iptables disabled?
0 Kudos
Reply
Jeeshan
Honored Contributor

‎03-27-2008 05:39 AM

‎03-27-2008 05:39 AM

Re: which iptables entries are needed for custom ftp service

you figure out yourself what is your scenario.

if you wanna make system more secure than keep iptables but make sure you can access significant services.

another thing is you need not to set iptables entry with software or service level, you can specify it with tcp or udp port basis. coz a software or service level may need another tcp or udp port that may be block.
a warrior never quits
0 Kudos
Reply
Debbie Fleith
Regular Advisor

‎03-27-2008 08:27 AM

‎03-27-2008 08:27 AM

Re: which iptables entries are needed for custom ftp service

more details.....
Yes, the ftp service is listening in Port 3021.
When I have 3021/tcp enabled in iptables, I can get a ftp connection established to port 3021, but I get "no route to host" when trying to transfer files.
When I have iptables enabled but without any reference to my custom ftp ports, I get "no route to host" errors when trying to establish the connection.
0 Kudos
Reply
skt_skt
Honored Contributor

‎03-27-2008 11:06 AM

‎03-27-2008 11:06 AM

Re: which iptables entries are needed for custom ftp service

when u already have a firwall setup up in n/w level. then linux level firwall is not mandatory
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.