Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Hi,
I was wondering if someone could suggest a rule or combination of rules to allow vsftpd to work behind iptables? It works when the firewall is down.
This is the rule I have at the moment, which is not working:
Code:
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
I'm using vsftpd to allow local users access to a shared folder.
My vsftpd.conf file:
Code:
anonymous_enable=NO
local_enable=YES
write_enable=NO
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
ftpd_banner=Welcome to the back-side of eternity: Unauthorised use PROHIBITED
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
ls_recurse_enable=YES
listen=YES
anon_max_rate=40000
local_max_rate=40000
#listen_port=2121
pam_service_name=vsftpd
#userlist_enable=YES
check_shell=NO
You'll need both the control and data ports (20, 21). But this brings in the active or passive FTP server argument. I'd have to google it, but one of them opens a dynamic random port while the other only uses the (20, 21) ports.
In vsftpd.conf, use pasv_min_port and pasv_max_port to establish a range of passive ports you'd like to use. Then add a rule in iptables that unblocks those ports.
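Putting that advice into a script, as an added example that is not code from this thread: it reads pasv_min_port and pasv_max_port from a vsftpd.conf, sanity-checks the range, and prints the matching iptables INPUT rules (the sample config, its 50000-50100 range and the file path are constructed for the demonstration).

```shell
#!/bin/sh
# Added example, not code from the thread: derive the iptables rules that
# match the passive range (pasv_min_port/pasv_max_port) in a vsftpd.conf.
# The config file and the 50000-50100 range below are constructed.

SAMPLE_CONF="${TMPDIR:-/tmp}/vsftpd.conf.example"
cat > "$SAMPLE_CONF" <<'EOF'
listen=YES
local_enable=YES
connect_from_port_20=YES
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100
EOF

# Read one numeric key from the conf; the last occurrence wins.
conf_get() {
    sed -n "s/^[[:space:]]*$2=\([0-9][0-9]*\)[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Print "min:max" for the passive range; fail if it is absent or unusable.
pasv_range() {
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)
    [ -n "$min" ] && [ -n "$max" ] || return 1               # both keys set
    [ "$min" -gt 1023 ] && [ "$max" -le 65535 ] || return 1  # unprivileged ports
    [ "$min" -le "$max" ] || return 1                        # ordered range
    printf '%s:%s\n' "$min" "$max"
}

# Emit the rules: replies to connections the server already has (this covers
# the active-mode data connection vsftpd opens from port 20 when
# connect_from_port_20=YES), new control connections on 21, and new passive
# data connections inside the configured range. Nothing else is opened.
ftp_rules() {
    range=$(pasv_range "$1") || return 1
    printf '%s\n' \
      "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
      "iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT" \
      "iptables -A INPUT -p tcp --dport $range -m conntrack --ctstate NEW -j ACCEPT"
}

ftp_rules "$SAMPLE_CONF"
```

If the kernel's FTP connection-tracking helper (nf_conntrack_ftp) is loaded, the ESTABLISHED,RELATED rule on its own admits the passive data connections and the range rule can be dropped; keep the range narrow either way so the firewall exposes as few ports as possible.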
I think this helped deal with another problem I was having for local user access. Users were getting prompted for passwords at unusual times, for example when trying to descend into a sub-directory within the root directory; I think this must have been because passive connections were being lost.