LinuxQuestions.org
Old 10-29-2009, 07:52 AM   #1
ukoDragon
LQ Newbie
 
Registered: Oct 2009
Distribution: CentOS
Posts: 3
Thanked: 0
Can't make ip_conntrack_ftp to work with passive ftp (CentOS)


I've checked a lot of forums, and I still can't make it work.

First of all when I stop iptables everything works fine.

Now configuration:
Code:
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
..........
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eht0 -p tcp --dport 21 -j ACCEPT
..........
COMMIT
also in /etc/sysconfig/iptables-config I have
Code:
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_nat_ftp ip_conntrack_ftp"
and they load without any errors.

Can someone tell me what I am doing wrong?

Also, what's the difference between the next 2 statements:
Code:
-A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Code:
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Old 10-29-2009, 11:38 AM   #2
win32sux
Moderator
 
Registered: Jul 2003
Distribution: Ubuntu 8.10
Posts: 8,603
Thanked: 106
Quote:
Originally Posted by ukoDragon
-A INPUT -i eht0 -p tcp --dport 21 -j ACCEPT
Is that a typo in your post or in your config file?
Old 10-30-2009, 07:48 AM   #3
ukoDragon
LQ Newbie
 
Registered: Oct 2009
Distribution: CentOS
Posts: 3
Thanked: 0

Original Poster
Sometimes I connect my laptop to this computer via eth1, and eth0 is outgoing link, so I allow everything from eth1 and only secure eth0.

But everything works except ftp.
Old 10-30-2009, 08:31 AM   #4
win32sux
Moderator
 
Registered: Jul 2003
Distribution: Ubuntu 8.10
Posts: 8,603
Thanked: 106
Quote:
Originally Posted by ukoDragon
Sometimes I connect my laptop to this computer via eth1, and eth0 is outgoing link, so I allow everything from eth1 and only secure eth0.

But everything works except ftp.
Okay, but what you posted doesn't say eth0, it says eht0 (I highlighted it in red). If that's what's in your configuration file, it would never work - which is why I'm asking you (again): where did the typo originate?
Old 10-30-2009, 10:50 AM   #5
ukoDragon
LQ Newbie
 
Registered: Oct 2009
Distribution: CentOS
Posts: 3
Thanked: 0

Original Poster
Oh damn. You're right. I just haven't noticed that.
Thank you very much.

BTW: can someone tell me:

Quote:
Originally Posted by ukoDragon
Also, what's the difference between the next 2 statements:
Code:
-A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Code:
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Old 10-30-2009, 10:55 AM   #6
win32sux
Moderator
 
Registered: Jul 2003
Distribution: Ubuntu 8.10
Posts: 8,603
Thanked: 106
See here.
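Added example, not part of the original thread: iptables does not check that an interface named with -i or -o exists when a rule is loaded, so the misspelled eht0 rule in the first post loaded without error and never matched. The script below lists such names in an iptables-save style file; the function name unknown_ifaces and the sample rules file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: list -i/-o interface names in an
# iptables-save style file that do not match any interface on the host.
#
# usage: unknown_ifaces RULES_FILE [IFACE ...]
# With no IFACE arguments the names are read from /sys/class/net.
# Prints "LINE:NAME" for each unknown name; returns 1 if any were found.
unknown_ifaces() {
    rules=$1; shift
    [ $# -gt 0 ] || set -- $(ls /sys/class/net)
    awk -v known="$*" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) have[k[i]] = 1 }
        /^-[AI] / {
            for (f = 1; f < NF; f++) {
                if ($f != "-i" && $f != "-o" &&
                    $f != "--in-interface" && $f != "--out-interface") continue
                name = $(f + 1)
                if (name == "!") name = $(f + 2)     # older "-i ! eth0" form
                if (substr(name, length(name)) == "+") {
                    # trailing "+" is a prefix wildcard, e.g. "eth+"
                    p = substr(name, 1, length(name) - 1); ok = (p == "")
                    for (x in have) if (index(x, p) == 1) ok = 1
                } else ok = (name in have)
                if (!ok) { print NR ":" name; bad = 1 }
            }
        }
        END { exit bad + 0 }
    ' "$rules"
}

# Constructed sample reproducing the rules posted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eht0 -p tcp --dport 21 -j ACCEPT
COMMIT
EOF
# Interface list passed explicitly so the demo does not depend on this host.
unknown_ifaces "$sample" lo eth0 eth1 || echo "unknown interface name(s) listed above"
rm -f "$sample"
```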
