LinuxQuestions.org
Linux - Newbie: This Linux forum is for members that are new to Linux.
Old 01-26-2008, 07:58 PM   #1
mefman
LQ Newbie
 
Registered: Jan 2008
Posts: 10

Rep: Reputation: 0
iptables help on Linux server


Hi people, I need some help with opening a port for glftpd on my remote Linux server. I finally figured out my issue with connecting to the FTP server I installed, and it was because of the built-in firewall on my Linux server, so I disabled the firewall to test and I could then log in to the FTP. After restarting the firewall, I then searched for a way to open the port I needed for glftpd. The commands were:

iptables -A INPUT -p tcp -m tcp --sport portnumber -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport portnumber -j ACCEPT


Saved the iptables config, restarted, but no go...

Didn't work.....

Any suggestions?
 
Old 01-27-2008, 01:41 AM   #2
norbert74
Member
 
Registered: Apr 2006
Posts: 63

Rep: Reputation: 23
Hi, you could try this:
Code:
# allow outgoing traffic
iptables -A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# allow responses
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# glftpd
iptables -A INPUT -i eth0 -m state --state NEW --protocol tcp --dport 8000 -j ACCEPT
If it still does not work add these lines at the bottom of your config:
Code:
# log
iptables -A INPUT -j LOG --log-prefix="IPTABLES-INPUT: "
iptables -A OUTPUT -j LOG --log-prefix="IPTABLES-OUTPUT: "
iptables -A FORWARD -j LOG --log-prefix="IPTABLES-FORWARD: "
Then you will see in your logs what exactly is blocking your access and you can modify your rules accordingly.
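The LOG rules above write one kernel log line per packet that reaches them. The following script, added here as an example and not part of norbert74's post, extracts source, destination, protocol, destination port and TCP flags from those lines so you can see which chain is dropping which connection. The log lines in SAMPLE_LOG are constructed to look like LOG target output (the host name, addresses, ports and MAC address are made up); on a real server you would feed the functions /var/log/messages, /var/log/kern.log or the output of dmesg instead.

```shell
#!/bin/sh
# Added example, not from the thread: read back the packets recorded by the
# "-j LOG --log-prefix" rules. SAMPLE_LOG is CONSTRUCTED to resemble LOG
# output; replace it with a real log file on a live system.

SAMPLE_LOG='Jan 27 09:51:02 srv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=51234 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 27 09:51:05 srv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1235 DF PROTO=TCP SPT=51235 DPT=52004 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 27 09:51:07 srv kernel: IPTABLES-OUTPUT: IN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=21 DPT=51234 WINDOW=14600 RES=0x00 ACK SYN URGP=0
Jan 27 09:51:09 srv sshd[2048]: Accepted publickey for admin from 192.0.2.7 port 40000 ssh2'

# logged_packets PREFIX   (log lines on stdin)
# Prints "SRC DST PROTO DPT FLAGS" for each line carrying the given
# --log-prefix; unrelated log lines (sshd etc.) are skipped.
logged_packets() {
    awk -v pfx="$1: " '
        index($0, pfx) {
            src = dst = proto = dpt = flags = ""
            for (i = 1; i <= NF; i++) {
                n = split($i, kv, "=")
                if (n == 2) {
                    if (kv[1] == "SRC")   src   = kv[2]
                    if (kv[1] == "DST")   dst   = kv[2]
                    if (kv[1] == "PROTO") proto = kv[2]
                    if (kv[1] == "DPT")   dpt   = kv[2]
                } else if ($i == "SYN" || $i == "ACK" || $i == "FIN" || $i == "RST") {
                    flags = (flags == "" ? $i : flags "," $i)
                }
            }
            print src, dst, proto, dpt, flags
        }'
}

# count_logged PREFIX   (stdin) -> number of matching lines
count_logged() {
    awk -v pfx="$1: " 'index($0, pfx) { n++ } END { print n + 0 }'
}

# logged_dports PREFIX   (stdin) -> distinct destination ports, ascending
logged_dports() {
    logged_packets "$1" | awk '$4 != "" { print $4 }' | sort -n | uniq
}

# Example run over the constructed sample. A SYN to DPT=21 logged in INPUT
# means the control connection itself was refused (no ACCEPT matched it);
# DPT=52004 is a passive-mode data connection, which needs either the ftp
# conntrack helper or an ACCEPT for the daemon's passive port range.
printf '%s\n' "$SAMPLE_LOG" | logged_packets IPTABLES-INPUT
printf '%s\n' "$SAMPLE_LOG" | logged_dports IPTABLES-INPUT
```

Because the LOG rules sit at the bottom of each chain, only packets that matched nothing above them are logged, so every line with the prefix is a packet the chain policy (or a following DROP) is about to discard; that is why a logged SYN to port 21 in INPUT points at a missing or shadowed ACCEPT rather than at the FTP daemon.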
 
Old 01-27-2008, 06:21 AM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416
A couple of questions that might be relevant....


- What is the full set of rules? Iptables executes rules in order, and handles the packet according to the first rule matched, so if there is a rule in front of your port rule that does something else with the packet, your port rule will never see the packet.

- Is there a router or some other device between your server and the internet? If there is, you have to consider that the packet might not be reaching your server in the first place.
 
Old 01-27-2008, 08:53 AM   #4
mefman
LQ Newbie
 
Registered: Jan 2008
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by norbert74 View Post
Hi, you could try this
Code:
# allow outgoing traffic
iptables -A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# allow responses
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# glftpd
iptables -A INPUT -i eth0 -m state --state NEW --protocol tcp --dport 8000 -j ACCEPT
If it still does not work add these lines at the bottom of your config:
Code:
# log
iptables -A INPUT -j LOG --log-prefix="IPTABLES-INPUT: "
iptables -A OUTPUT -j LOG --log-prefix="IPTABLES-OUTPUT: "
iptables -A FORWARD -j LOG --log-prefix="IPTABLES-FORWARD: "
Then you will see in your logs what exactly is blocking your access and you can modify your rules accordingly.
I tried this but no luck. I also tried doing this, as suggested by someone else:

Remove all current rules
1. iptables -F
2. iptables -X

Allow all incoming traffic
1. iptables -P INPUT ACCEPT

if it works, you should reload the original firewall rules and add the following ones
Code:
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

It worked great, but when I re-applied the rules and added 20 and 21 as suggested it still didn't work.
 
Old 01-27-2008, 09:51 AM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416
Sorry, I spaced on that you were trying to set up an FTP server. The basic problem is that there are two modes that FTP can work in, active and passive, with passive usually being the default. The problem is that for a firewall to work with passive FTP, you either have to lock down the passive ports, or you have to use iptables ftp connection tracking.

There is a good explanation of what is going on here.
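Putting Hangdog42's two points together (first-match rule order from post #3, and passive-mode data connections from post #5), the script below is an added example, not code from the thread or from glftpd: it generates a complete ruleset in iptables-restore format for an FTP daemon behind a stateful firewall, and checks the rule order before anything is loaded. The interface name, control port and passive range are placeholders supplied by the caller; `range` mode accepts a fixed passive port range, `helper` mode relies on the kernel's ftp connection-tracking helper so data connections arrive as RELATED. The script never calls iptables itself.

```shell
#!/bin/sh
# Added example, not from the thread: build an iptables-restore ruleset for an
# FTP server and verify the rule order. Interface, ports and passive range
# are caller-supplied placeholders; nothing here touches the live firewall.

# gen_ftp_rules IFACE CTRL_PORT MODE [PASV_LOW PASV_HIGH]
#   MODE=helper  rely on the ftp conntrack helper (modprobe nf_conntrack_ftp;
#                ip_conntrack_ftp on 2.6-era kernels): the passive data
#                connection is then RELATED and accepted by the state rule
#   MODE=range   accept a fixed passive port range instead (the daemon must be
#                configured to use the same range)
# INPUT matches on --dport: the server receives connections *to* its port.
gen_ftp_rules() {
    iface=$1; ctrl=$2; mode=$3; low=$4; high=$5
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # 1. replies to known connections first; with the helper loaded this also
    #    admits the passive data connection, so it must sit above any DROP/LOG
    printf '%s\n' "-A INPUT -i $iface -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 2. new control connections to the FTP port
    printf '%s\n' "-A INPUT -i $iface -p tcp --dport $ctrl -m state --state NEW -j ACCEPT"
    # 3. explicit passive range, only when not using the helper
    if [ "$mode" = range ]; then
        printf '%s\n' "-A INPUT -i $iface -p tcp --dport $low:$high -m state --state NEW -j ACCEPT"
    fi
    # 4. log whatever is left (norbert74's suggestion); the chain policy drops it
    printf '%s\n' '-A INPUT -j LOG --log-prefix "IPTABLES-INPUT: "' 'COMMIT'
}

# check_order CTRL_PORT   (ruleset on stdin)
# iptables applies the first matching rule, so a DROP or REJECT placed above
# the ACCEPT for the FTP port shadows it: the port rule never sees the packet.
# Prints OK, SHADOWED (exit 1) or MISSING (exit 2).
check_order() {
    awk -v port="$1" '
        /^-A INPUT / && /-j (DROP|REJECT)/ && !drop { drop = NR }
        /^-A INPUT / && /-j ACCEPT/ && index($0, "--dport " port " ") && !acc { acc = NR }
        END {
            if (!acc)               { print "MISSING";  exit 2 }
            if (drop && drop < acc) { print "SHADOWED"; exit 1 }
            print "OK"
        }'
}

# Example run: print the ruleset, then verify the order. To apply it after
# review:  gen_ftp_rules eth0 21 range 50000 50100 > ftp.rules
#          iptables-restore < ftp.rules
gen_ftp_rules eth0 21 range 50000 50100
gen_ftp_rules eth0 21 range 50000 50100 | check_order 21
```

Two caveats for `helper` mode: the ftp helper only watches port 21 unless told otherwise (`modprobe nf_conntrack_ftp ports=21,8000` for a daemon on a non-standard port), and on kernels from 4.7 onward automatic helper assignment is off by default, so the helper has to be attached explicitly with a rule such as `iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp` or the data connections will not be recognised as RELATED. `range` mode avoids both issues at the cost of leaving a block of ports open to new connections.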
 
Old 01-27-2008, 05:45 PM   #6
mefman
LQ Newbie
 
Registered: Jan 2008
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks for the link, will give it a try and do some trial and error with the order of rules and ports.
 