I set up the iptables firewall to "trust" port 21 and I am able to ftp to the server. However, when I tried to download and upload files, it showed this message:
227 Entering Passive Mode (192.168.0.5,124,89)
ftp: connect: No route to host
It works fine if I shut down iptables. How am I going to set up iptables to make my FTP work?
You are right that you "trust" port 21 for ftp, so you can log in to the server. But when ftp transfers data it uses different ports other than 21, so you also have to configure that port to transfer your files (upload or download) with the help of ftp.
Edit: just like bipul4b said, basically.
Well, you're halfway there, but if you didn't open port 20 you'll never get there. Are you currently forwarding 20 to something else? That would explain the ICMP no route message you receive back.
You may also want to add this to your /etc/hosts.allow:
ftpd : ALL : allow
Differences from HTTP
FTP operates on the application layer of the OSI model, and is used to transfer files using TCP/IP. To do so, an FTP server has to be running and waiting for incoming requests. The client computer is then able to communicate with the server on port 21. This connection, called the control connection, remains open for the duration of the session. A second connection, called the data connection, can either be opened by the server from its port 20 to a negotiated client port (active mode), or by the client from an arbitrary port to a negotiated server port (passive mode) as required to transfer file data. The control connection is used for session administration, for example commands, identification and passwords exchanged between the client and the server using a telnet-like protocol. For example "RETR filename" would transfer the specified file from the server to the client. Due to this two-port structure, FTP is considered an out-of-band protocol, as opposed to an in-band protocol such as HTTP.
Last edited by snowmobile74; 05-04-2012 at 11:15 AM.
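The 227 reply in the question already names the port the server expects the data connection on, which is why a rule for port 21 alone is not enough in passive mode. The following is an added example, not part of any post in the thread: it decodes that reply and checks the port against two constructed rule sets; the function names and the 30000:32000 passive range are assumptions.

```shell
#!/bin/sh
# pasv_endpoint REPLY: print "a.b.c.d:port" for a 227 reply. The last two
# numbers encode the data port as p1*256 + p2 (RFC 959). The address may be
# comma-separated (RFC form) or dotted, as in the reply quoted in the thread.
pasv_endpoint() {
    nums=$(printf '%s\n' "$1" |
        sed -n 's/^227 .*(\([0-9]\{1,3\}\([.,][0-9]\{1,3\}\)\{5\}\)).*/\1/p')
    [ -n "$nums" ] || return 1          # not a well-formed 227 reply
    old_ifs=$IFS; IFS='.,'
    set -- $nums                        # split the six numbers into $1..$6
    IFS=$old_ifs
    for n in "$@"; do [ "$n" -le 255 ] || return 1; done
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# port_allowed PORT SPEC...: succeed if PORT matches one of the accepted
# destination ports, each written as iptables --dport takes it (N or MIN:MAX).
port_allowed() {
    p=$1; shift
    for spec in "$@"; do
        case $spec in
            *:*) [ "$p" -ge "${spec%%:*}" ] && [ "$p" -le "${spec##*:}" ] && return 0 ;;
            *)   [ "$p" -eq "$spec" ] && return 0 ;;
        esac
    done
    return 1
}

reply='227 Entering Passive Mode (192.168.0.5,124,89)'   # from the question
endpoint=$(pasv_endpoint "$reply") || exit 1
port=${endpoint##*:}
echo "server expects the data connection on $endpoint"

# Constructed rule sets: port 21 only, then port 21 plus a passive range.
for rules in "21" "21 30000:32000"; do
    if port_allowed "$port" $rules; then verdict=accepted; else verdict=blocked; fi
    echo "accepted --dport [$rules]: data port $port is $verdict"
done

# The range is an assumption. The FTP server has to be limited to the same
# range (in vsftpd: pasv_min_port / pasv_max_port) before opening it, e.g.:
#   iptables -A INPUT -p tcp --dport 30000:32000 -j ACCEPT
```

Without a fixed range on the server, the passive port changes per transfer, so no single extra port rule will match reliably.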