LinuxQuestions.org
09-28-2002, 12:39 AM   #1
dflow
LQ Newbie
 
Registered: Sep 2002
Location: Montreal
Posts: 1

Rep: Reputation: 0
I'm using iptables, can't use FTPs that have a port != 21, VERY annoying


Could anyone PLZ help me with this problem? I've been asking all over for like 2 weeks and it still doesn't work =P

I have added a few lines that people told me about but they don't seem to help any, and I also loaded ip_nat_ftp and ip_conntrack_ftp, no luck. HTTP works fine, FTP on port 21 too, but I can't get passive FTP with ports 1024-65535 to work.

Any help is appreciated.
 
09-30-2002, 06:05 AM   #2
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
dflow,

This is just a guess, but it may have something to do with your connection tracking commands (if you use them).

The following suggestions are ripped directly from http://www.cs.princeton.edu/~jns/sec...conntrack.html
so thank (or blame) James C. Stephens if it works, not me :-)

OK, so basically for FTP you need to match the RELATED state for the process to work, so he suggests the following:

iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT

Note that a similar entry could be made for the FORWARD chain if it applies to your setup.

iptables -A FORWARD -i eth0 -o eth1 -p tcp ! --syn --sport 1024: --dport 1024: -j ACCEPT

This is another rule you may need (substitute the in/out devices as appropriate).

Hope that helps

Rich
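
An added example, not part of either post above: the RELATED match only works when the FTP connection-tracking helper reads the passive-mode reply on the control connection, and that helper watches port 21 unless it is loaded with other ports (the module's ports= parameter). The Python sketch below is a simplified model of that decision; the address, ports and function names are constructed for illustration, and the address check is a modelling assumption.

```python
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample values (documentation address range), not from the thread.
SERVER_IP = "192.0.2.10"
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"


def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def related_expectation(control_dport, server_ip, reply, helper_ports=(21,)):
    """Simplified model: the data endpoint that would be tracked as RELATED.

    Returns None when no expectation exists, so the data connection is
    just a NEW connection that an ESTABLISHED,RELATED rule does not match.
    """
    # The helper only inspects control connections on ports it is bound to.
    if control_dport not in helper_ports:
        return None
    endpoint = parse_pasv(reply)
    if endpoint is None:
        return None
    # Modelling assumption: ignore a data address that is not the server's.
    if endpoint[0] != server_ip:
        return None
    return endpoint


if __name__ == "__main__":
    for dport, ports in ((21, (21,)), (2121, (21,)), (2121, (21, 2121))):
        result = related_expectation(dport, SERVER_IP, SAMPLE_REPLY, ports)
        print(f"control port {dport}, helper ports {ports}: {result}")
```

With the control connection on a port the helper does not watch, the model returns nothing, which matches the symptom in the first post: port 21 works and other ports do not.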
 
  

