can't connect via ftp on my lan....this is my iptables config....
A number of FTP servers run in PASV mode, which means you have to open up several higher-numbered ports as well as 21. On my system (ProFTP) I can lock the passive port range, so I've opened 50000-51000 in the firewall as well.
If you're doing this you probably want to look into chrooting ftp as a security precaution.
OK, let's see if I have this straight... The FTP server has two Ethernet cards, eth0 (which is your Internet interface) and eth1, which is your LAN interface. You want to allow FTP access from your LAN only (eth1).
If this is the case, the problem with your firewall is with the -i flag. So in your firewall you have
You also need to open port 20 and ports below 1024, as far as I know.
A PC connects at port 21, but after that the server and the client will communicate at a higher port (>1023).
I have an FTP server too, and it didn't work until I opened up those ports,
so I have something like this in my firewall script:
iptables -A INPUT -i eth1 -p tcp --dport 1024:65000 -j ACCEPT
You have got to be kidding. I would argue that is no longer a firewall, but rather a TCP packet annoyance system.
There is absolutely no reason to have that many ports open for one program. Have a read through your server's documentation and find out how to narrow that down. If your server doesn't allow you to restrict the PASV ports, I would find a new server.
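An added audit script, not posted by anyone in this thread, that scans a firewall script for ACCEPT rules spanning an over-broad port range like the 1024:65000 rule above; the sample rules are constructed, and the PassivePorts line in the comments is the ProFTPD directive that pins the server's passive range so the firewall only needs to match it.

```shell
#!/bin/sh
# Added audit helper (not from this thread): list every ACCEPT rule in an
# iptables script whose --dport range spans more than MAXWIDTH ports.
# The thread's 1024:65000 rule opens 63977 ports for one service; the two
# rules that replace it open 21 plus a passive range the server is pinned to
# (ProFTPD: "PassivePorts 50000 51000" in proftpd.conf).

# Constructed sample firewall script: the broad rule sits beside its narrowed
# replacement so the audit has both a hit and a pass to show.
SAMPLE_RULES='iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 1024:65000 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 50000:51000 -j ACCEPT'

# wide_ranges MAXWIDTH   (rules read from stdin)
# Prints each offending rule with its port count; exit 1 if any, else 0.
wide_ranges() {
  awk -v max="$1" '
    /-j ACCEPT/ {
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") {
          n = split($(i + 1), r, ":")
          lo = r[1] + 0
          hi = (n == 2) ? r[2] + 0 : lo
          width = hi - lo + 1
          if (width > max) { printf "%d ports: %s\n", width, $0; found = 1 }
        }
      }
    }
    END { if (found) exit 1; exit 0 }'
}

# Stand-alone run: any single rule opening more than 1024 ports is suspect.
if printf '%s\n' "$SAMPLE_RULES" | wide_ranges 1024; then
  echo "no over-broad port ranges"
else
  echo "narrow the ranges above to the range the server is locked to"
fi
```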