can't connect via ftp on my lan...this is my iptables configuration....
Hi, I can't access FTP on my LAN. I have 2 hosts.
One with Linux is the gateway on eth0, the other one is my personal PC connected to eth1. I configured iptables like so:
# Generated by iptables-save v1.2.9 on Mon Jan 24 11:45:26 2005
*filter
:INPUT DROP [53:5664]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [857:85837]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -s xxxxxxxx/xxxxxxxxx -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Mon Jan 24 11:45:26 2005
# Generated by iptables-save v1.2.9 on Mon Jan 24 11:45:26 2005
*nat
:PREROUTING ACCEPT [88:5432]
:POSTROUTING ACCEPT [31:4334]
:OUTPUT ACCEPT [122:12260]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Jan 24 11:45:26 2005
....why is FTP not functioning? Maybe I need to configure some iptables command for eth1?
Note: I'm an Italian Linux beginner.....thanks for any help!
Are you able to log in to the FTP server (i.e. you see the welcome message and such) but unable to establish a data transfer, or can you not connect at all?
By the way, if you're running standard services on these ports you don't need to open UDP ports 21, 22 and 80.
Thanks for your time....
I have the account, username and password....but I can't connect....the Linux box does not permit the connection.....it's not a problem with file transfer but with a refused FTP connection....!!! Can you help me???
From the Linux box to the web I can use FTP....but I can't use it from my PC to the Linux box....
The internal PC should be OK for any FTP connection....I connected it to a console and it was OK...but connecting to the Linux host the connection is refused......sorry for my English....
If you want to attempt FTP connections THROUGH your Linux box, you've got to insert rules in the FORWARD section, since you did
iptables -A FORWARD -j REJECT
So before this line I'd do this (if eth0 is your external interface and eth1 your internal interface):
# These modules are for FTP connection tracking.
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
# TCP :
iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 20:21 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 20:21 -m state --state NEW,ESTABLISHED -j ACCEPT
# UDP :
iptables -A FORWARD -i eth0 -o eth1 -p udp --sport 20:21 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -p udp --dport 20:21 -m state --state NEW,ESTABLISHED -j ACCEPT
# Then the file transfer itself is done on other ports
iptables -I FORWARD -i eth0 -o eth1 -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -I FORWARD -i eth1 -o eth0 -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
Hi! The problem is solved!
In reality there were no wrong lines in iptables, but I needed only one very stupid (like me) line:
ftpd -p 21
This activates the DARPA FTP server process.....that is, a service that listens on port 21.....I'm sorry but I didn't know this simple thing...my distribution (Mandrake 10.0), I don't know about the other ones, doesn't provide an automatic service, maybe for security reasons, and you must enable the correct one......
In the end, for the firewall I decided to use a very good one, ideal for my configuration (eth0 inet Linux, eth1 LAN Windows), found at this link:
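An added diagnostic script (not from the thread) that runs offline, over constructed samples, the two checks this thread ends up needing: whether anything is listening on the FTP control port, and what the INPUT chain would do with a new TCP connection arriving on a given interface. The sample rules are a trimmed copy of the poster's filter table, and the `ss -ltn` style listing is constructed with no ftpd running.

```shell
# Added example, not from the thread. Two offline checks over constructed
# samples: (1) is anything listening on the FTP control port, and (2) what
# verdict the INPUT chain gives a new TCP connection on a given interface.

# Constructed `ss -ltn` style output: sshd and a local MTA, but no ftpd.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:25        0.0.0.0:*'

# Constructed dump in iptables-save format, reduced to the relevant rules.
RULES_SAMPLE='*filter
:INPUT DROP [53:5664]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [857:85837]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT'

# listening_on PORT : prints yes/no from ss/netstat style output on stdin.
listening_on() {
    awk -v port="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) found = 1 }
                      END { print found ? "yes" : "no" }'
}

# input_verdict IFACE PORT : prints "accept" if an INPUT rule lets a new TCP
# connection to PORT in on IFACE, otherwise the chain policy (e.g. "drop").
input_verdict() {
    awk -v iface="$1" -v port="$2" '
        /^:INPUT / { policy = tolower($2) }
        /^-A INPUT / {
            rif = ""; proto = ""; dport = ""; state = ""; target = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-i")      rif    = $(i+1)
                if ($i == "-p")      proto  = $(i+1)
                if ($i == "--dport") dport  = $(i+1)
                if ($i == "--state") state  = $(i+1)
                if ($i == "-j")      target = $(i+1)
            }
            # A rule matches a fresh SYN only if every qualifier it carries fits.
            if ((rif == "" || rif == iface) && (proto == "" || proto == "tcp") &&
                (dport == "" || dport == port) && (state == "" || index(state, "NEW")) &&
                target == "ACCEPT") { print "accept"; found = 1; exit }
        }
        END { if (!found) print policy }'
}

printf 'ftpd listening on 21: %s\n' "$(printf '%s\n' "$SS_SAMPLE" | listening_on 21)"
printf 'INPUT verdict for eth1:21: %s\n' "$(printf '%s\n' "$RULES_SAMPLE" | input_verdict eth1 21)"
```

On the real gateway, feed `ss -ltn` (or `netstat -ltn`) and `iptables-save` into the two functions instead of the samples; the thread's outcome corresponds to "no" from the first check, and the missing eth1 rule shows up as "drop" from the second.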