
Re: vsftp and firewall



duncan brown wrote:

send us the output of the following command (run as root)

iptables -L -n

also, remember that your ftp client is probably using PASSIVE transfers, which means you'll need a range of high level ports to be open, not just 21. I bet if you use the text mode ftp program on windows your transfers will work like a champ. (start -> run -> ftp)


No, don't open up high ports. Just include a rule to accept not only packets for established connections, but also related ones like so:
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
The related entries get added to the connection table by the ip_conntrack_ftp module based on what ports are referenced on an ftp control connection to be used for a data connection.


And the best way to ensure the ip_conntrack_ftp module is loaded is by editing the line in /etc/sysconfig/iptables-config like so:
IPTABLES_MODULES="ip_conntrack_ftp"


--
-----------------------------------------------------------
  "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
  Chris Johnson, RHCE #807000448202021
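As an added example (not code from the thread), a small POSIX shell audit that checks a captured `iptables -L -n` listing and an iptables-config file for the setup described above: an INPUT ACCEPT for state RELATED,ESTABLISHED, the FTP conntrack helper in IPTABLES_MODULES, and no blanket high-port range. The rule listings and config contents are constructed samples.

```shell
#!/bin/sh
# Audit an `iptables -L -n` listing and an iptables-config file for
# conntrack-based FTP handling. All samples below are constructed.

# Ruleset that relies on conntrack: RELATED covers the FTP data connection.
GOOD_RULES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21'

# Ruleset that instead opens a high-port range for passive FTP.
WIDE_RULES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535'

GOOD_CONFIG='IPTABLES_MODULES="ip_conntrack_ftp"
IPTABLES_SAVE_ON_STOP="no"'

EMPTY_CONFIG='IPTABLES_MODULES=""'

# Succeeds when the INPUT chain has an ACCEPT rule whose state match
# includes both RELATED and ESTABLISHED (in either order).
has_related_accept() {
    printf '%s\n' "$1" | awk '
        /^Chain / { chain = $2 }
        chain == "INPUT" && $1 == "ACCEPT" && /state [A-Z,]*RELATED/ && /ESTABLISHED/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Succeeds when some ACCEPT rule opens a destination port range (dpts:).
opens_port_range() {
    printf '%s\n' "$1" | grep -q '^ACCEPT .*dpts:'
}

# Succeeds when IPTABLES_MODULES lists the FTP conntrack helper
# (ip_conntrack_ftp on kernels of that era; nf_conntrack_ftp on newer ones).
has_ftp_helper() {
    printf '%s\n' "$1" | grep -Eq '^IPTABLES_MODULES=".*(ip|nf)_conntrack_ftp'
}

# Print one finding per problem; takes the rule listing and the config text.
audit() {
    has_related_accept "$1" || echo "INPUT lacks an ACCEPT for state RELATED,ESTABLISHED"
    opens_port_range "$1" && echo "an ACCEPT rule opens a port range; use the conntrack helper instead"
    has_ftp_helper "$2" || echo "FTP conntrack helper not listed in IPTABLES_MODULES"
    return 0
}
```

Running `audit "$WIDE_RULES" "$EMPTY_CONFIG"` reports all three findings, while `audit "$GOOD_RULES" "$GOOD_CONFIG"` prints nothing.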



