10-29-2009, 07:52 AM   #1
ukoDragon
LQ Newbie

Registered: Oct 2009
Distribution: CentOS
Posts: 3

Can't make ip_conntrack_ftp to work with passive ftp (CentOS)


I've checked a lot of forums, and I still can't make it work.

First of all, when I stop iptables, everything works fine.

Now configuration:
Code:
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
..........
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eht0 -p tcp --dport 21 -j ACCEPT
..........
COMMIT
Also, in /etc/sysconfig/iptables-config I have
Code:
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_nat_ftp ip_conntrack_ftp"
and they load without any errors.

Can someone tell me what I am doing wrong?

Also, what's the difference between the next 2 statements:
Code:
-A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Code:
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 
10-29-2009, 11:38 AM   #2
win32sux
Moderator

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Quote:
Originally Posted by ukoDragon
-A INPUT -i eht0 -p tcp --dport 21 -j ACCEPT
Is that a typo in your post or in your config file?
 
10-30-2009, 07:48 AM   #3
ukoDragon
LQ Newbie

Registered: Oct 2009
Distribution: CentOS
Posts: 3

Original Poster
Sometimes I connect my laptop to this computer via eth1, and eth0 is the outgoing link, so I allow everything from eth1 and only secure eth0.

But everything works except ftp.
 
10-30-2009, 08:31 AM   #4
win32sux
Moderator

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Quote:
Originally Posted by ukoDragon
Sometimes I connect my laptop to this computer via eth1, and eth0 is the outgoing link, so I allow everything from eth1 and only secure eth0.

But everything works except ftp.
Okay, but what you posted doesn't say eth0, it says eht0 (I highlighted it in red). If that's what's in your configuration file, it would never work - which is why I'm asking you (again): where did the typo originate?
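
A check for the failure found in this thread, as an added example that is not part of the original posts: iptables loads a rule naming a nonexistent interface without any error, so this script lists the `-i`/`-o` names in an `iptables-save` style ruleset that match no known interface. The function names and the interface list are assumptions; the sample ruleset is constructed from the lines posted above.

```shell
#!/bin/sh
# Added example (not from the thread): list interface names used in a ruleset
# that match no known interface, e.g. a typo such as "eht0".

# live_ifaces: names of the interfaces present on this Linux host.
live_ifaces() { ls /sys/class/net 2>/dev/null | tr '\n' ' '; }

# sample_rules: ruleset constructed from the lines posted in the thread.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eht0 -p tcp --dport 21 -j ACCEPT
COMMIT
EOF
}

# unknown_ifaces "if1 if2 ...": reads rules on stdin, prints each -i/-o name
# (once) that is not in the list. A trailing "+" is the iptables wildcard.
unknown_ifaces() {
    awk -v known="$1" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^-A / {
            for (i = 1; i < NF; i++) {
                if ($i != "-i" && $i != "-o" &&
                    $i != "--in-interface" && $i != "--out-interface") continue
                name = $(i + 1)
                if (name == "!") name = $(i + 2)      # legacy "-i ! eth0" form
                if (name ~ /\+$/) {                   # wildcard: prefix match
                    prefix = substr(name, 1, length(name) - 1); hit = 0
                    for (j in ok) if (index(j, prefix) == 1) hit = 1
                    if (hit) continue
                } else if (name in ok) continue
                if (!(name in seen)) { seen[name] = 1; print name }
            }
        }'
}

# Demo with a constructed interface list; on a real host use "$(live_ifaces)"
# and feed the function /etc/sysconfig/iptables or iptables-save output.
sample_rules | unknown_ifaces "lo eth0 eth1"    # prints: eht0
```

An interface that is only brought up later (a VPN or PPP link, for instance) will also be reported, so treat the output as a list to review rather than a list of errors.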
 
10-30-2009, 10:50 AM   #5
ukoDragon
LQ Newbie

Registered: Oct 2009
Distribution: CentOS
Posts: 3

Original Poster
Oh damn. You're right. I just haven't noticed that.
Thank you very much.

BTW: can someone tell me:

Quote:
Originally Posted by ukoDragon
Also, what's the difference between the next 2 statements:
Code:
-A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Code:
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 
10-30-2009, 10:55 AM   #6
win32sux
Moderator

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

See here.
 
  

