
Re: Firewall issues with setting up vsftp server

On Sat, Dec 11, 2004 at 11:07:40AM -0600, Terry Linhardt wrote:
> Jeff Kinz wrote:
> >On Sat, Dec 11, 2004 at 10:17:30AM -0600, Terry Linhardt wrote:
> >>I am attempting to set up an ftp server on an internal network. (All 
> >>hosts are 192.168.1.*)  I am using vsftp, but stumbling over an iptables 
> >>related issue.  Also, this is Fedora Core 3.
> >
> >What's the content of your iptables script, (Sanitize any important info
> >please)
> >
> Actually, the iptables are the defaults provided with FC3. I have used 
> the GUI to "open" SSH and FTP. As noted in my original post, my problem 
> disappears if I stop the iptables (/etc/rc.d/init.d/iptables stop)

I never use the GUI tools for iptables.  I build iptables setup scripts
directly, using templates and macros that allow for some fairly fast and
very fine grained control.

What are the contents of your /etc/sysconfig/iptables file?

> >What is the shape/configuration of your Network?
> >
> All machines are attached to a Linksys router within the same building. 
> Some are wireless, but I don't think that is an issue.  All machines, 
> including the server, are in the IP range of 192.168.1.X with a 
> netmask. In short, *all* machines at this point are on a 
> private network, on the same LAN.

I am assuming your internal LAN is not a "Hostile" environment. (If this
isn't true, let us know)

Since you don't mention any connection from this LAN to the Internet,
you can just turn off the firewall.

If you have an Internet connection:

If your server has dual NICs, where one NIC is a gateway to the
internet, just turn off the firewalling on the NIC which is connected
to the internal LAN and leave it running on the NIC used for the
external Internet connection.

If you are using the Linksys router as your internet gateway, (And you
actually trust it) turn off the firewall on your server completely.
Since you trust the Linksys router (I wouldn't use it personally, for other
reasons), you don't necessarily need the additional firewall on your

> >Where is the delivery target in relation to your server?
> >  
> If I understand your question, the physical relationship is that they 
> are in adjacent rooms.

So both target and source are on the same LAN, and the file transfer
doesn't travel over the internet.

Linux/Open Source:  Your infrastructure belongs to you, free, forever.
Idealism:  "Realism applied over a longer time period"
<a href=http://kinz.org>Kinz</a>
http://www.fedoratracker.org http://www.fedorafaq.org
Jeff Kinz, Emergent Research, Hudson, MA.
