LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page FTP Access Through IPTABLES Firewall
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 04-12-2007, 03:15 PM   #1
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Rep: Reputation: 38
FTP Access Through IPTABLES Firewall

I have port 21 allowed outgoing through my firewall. This allows me to establish a connection to the FTP server, and log in, but I cannot transfer files. This is due to the outside FTP server attempting to establish a new connection to my client. I don't think I want to just allow incoming port 20 access through my firewall to all of my clients on a general basis.

Most of my clients are Windows, and browsers, so I don't think I have a choice to select PASV mode.

What can I do to my IPTables firewall to allow connections?
 
Old 04-12-2007, 03:32 PM   #2
rednuht
Member
 
Registered: Aug 2005
Posts: 239
Blog Entries: 1

Rep: Reputation: 30
there is a kernel module for this
after a quick google I found this http://www.linuxhomenetworking.com/w...Using_iptables
Quote:
The iptables application requires you to load certain kernel modules to activate some of its functions. Whenever any type of NAT is required, the iptable_nat module needs to be loaded. The ip_conntrack_ftp module needs to be added for FTP support and should always be loaded with the ip_conntrack module which tracks TCP connection states. As most scripts probably will keep track of connection states, the ip_conntrack module will be needed in any case. The ip_nat_ftp module also needs to be loaded for FTP servers behind a NAT firewall.

Unfortunately, the /etc/sysconfig/iptables file doesn't support the loading of modules, so you'll have to add the statements to your /etc/rc.local file which is run at the end of every reboot.

The script samples in this chapter include these statements only as a reminder to place them in the /etc/rc.local file

# File: /etc/rc.local

# Module to track the state of connections
modprobe ip_conntrack

# Load the iptables active FTP module, requires ip_conntrack
modprobe ip_conntrack_ftp

# Load iptables NAT module when required
modprobe iptable_nat

# Module required for active an FTP server using NAT
modprobe ip_nat_ftp
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
FTP & iptables firewall hct224 Linux - Newbie 9 05-04-2012 01:43 PM
my new iptables firewall, everything works except for FTP kawdk Linux - Networking 2 08-01-2004 04:47 AM
Firewall - iptables - ftp connections cubee Linux - Security 22 01-29-2004 10:12 AM
Iptables, FTP, access herc Linux - Security 1 01-08-2004 07:51 PM
Firewall - Firestarter Iptables ftp jupp Linux - Networking 0 03-18-2002 04:01 PM


All times are GMT -5. The time now is 09:39 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration