LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-18-2006, 07:28 AM   #1
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 452

Rep: Reputation: 30
ftp server + iptables


Hi there,
I know this subject is classic and there are a lot of information about it. I would appreciate if someone could take a look at the following piece of firewall and tell me if it is the best (most secure) solution.
I had a feeling that the firewall is to permissive...
I want clients to connect to a FTP server both passive and active. Is the following EXACTLY what I need (on the server)? It works without doubts, but is there a more secure solution?

Quote:
###FTP
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
#active
iptables -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
#pasive
iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT

The policy is DROP.


Thanks for your help.
 
Old 03-19-2006, 06:23 AM   #2
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: KirraMail Live Email Server
Posts: 1,276

Rep: Reputation: 61
It would be best to post the whole script so we can see everything that's being loaded
 
Old 03-19-2006, 12:33 PM   #3
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
You'll need to slightly loosen your passive mode INPUT connection rule, I suspect. The ftp client will initiate a new connection on the passive port. You're allowing only related and established connections.

You should consider restricting the range of ports your ftp server accepts passive mode connections on. Right now, you're using all ephemeral ports. You can restrict it to, say, ports 2000-2099 (thus allowing 100 simultaneous connections) by modifying the relevant options in your ftpd config file, then unblocking ports 2000:2099 in iptables.

Last edited by jcliburn; 03-19-2006 at 12:35 PM.
 
Old 03-24-2006, 06:55 AM   #4
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 452

Original Poster
Rep: Reputation: 30
Quote:
You'll need to slightly loosen your passive mode INPUT connection rule, I suspect. The ftp client will initiate a new connection on the passive port. You're allowing only related and established connections.
You say I should allow also NEW connections on the INPUT chain for passive FTP?
Doesn't the server take the port the clients connect to from the PORT command, and consider the new connection as related ?
 
Old 03-24-2006, 06:57 AM   #5
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 452

Original Poster
Rep: Reputation: 30
Anyway something get stuck somewhere...
I would need some help on this.

Thanks a lot
 
Old 03-24-2006, 07:54 AM   #6
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
When the client issues its passive mode request to server port 21, the server will answer with a port number that the client should use for the passive mode connection. (This is the ftp-data port.) The client will then initiate a new connection to the server using the new ftp-data port as a destination. (The client will, of course, have a source port in the ephemeral range.) I'm pretty sure the server does not consider the client's passive mode connection to be a related connection.
 
Old 03-24-2006, 08:53 AM   #7
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 52
Why don't you use the iptable module ftp_conntrack ?
This is the only solution for securing the (unsecure) ftp. It dynamically open 1 port for 1 address (while you statically open all port for all address)

For general ftp understanding look precisly at this:
http://slacksite.com/other/ftp.html
 
Old 03-26-2006, 06:57 AM   #8
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
Srry a little offtopic but for a secure solution why don't u switch to Chrooted SSH's SecureFTP + Denyhosts!

http://chrootssh.sourceforge.net/index.php
+
http://denyhosts.sourceforge.net/

You will have no trouble at all with SFTP and Iptables since you have to deal with only one port default "22"

The client commands in Linux for SSH are Scp ,sftp and ssh. "man" for help on these commands.

FTP is a b@st@r*izing protocol

If you use Windows as clients then you can well use some superb clients like Winscp

winscp.net/eng/index.php

or Putty's command line Pftp:

http://www.chiark.greenend.org.uk/~s.../download.html
 
Old 03-27-2006, 01:28 AM   #9
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 452

Original Poster
Rep: Reputation: 30
Hi there,
I used the following guide when I configured my iptables rules: http://xinux.de/docs/sicherheit/fire...conntrack.html

As I understood, I' am already using ftp_conntrack. That is what the state RELATED means. It is using the ftp_conntrack module for ftp connection tracking. In other words it takes the FTP data-port (taken from the PORT command issued by the server) and considers the connections to this port as RELATED to the original control-tcp/21 connection. (from the server point of view, when the client connects to the server)
I am right?


If I am not right, there is also still a problem.
On the server there are cca. 200 accounts. When the firewall is started only a few of them can't connect. The others connect both passive and active. When the firewall is stopped all clients could connect.

If you have any other idea, I would appreciate any help.

Thanks
 
Old 03-27-2006, 01:55 AM   #10
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 52
Quote:
Originally Posted by ddaas
Hi there,
I used the following guide when I configured my iptables rules: http://xinux.de/docs/sicherheit/fire...conntrack.html

As I understood, I' am already using ftp_conntrack. That is what the state RELATED means. It is using the ftp_conntrack module for ftp connection tracking. In other words it takes the FTP data-port (taken from the PORT command issued by the server) and considers the connections to this port as RELATED to the original control-tcp/21 connection. (from the server point of view, when the client connects to the server)
I am right?
Sorry I didn't see the related
Quote:
Originally Posted by ddaas
If I am not right, there is also still a problem.
On the server there are cca. 200 accounts. When the firewall is started only a few of them can't connect. The others connect both passive and active. When the firewall is stopped all clients could connect.

If you have any other idea, I would appreciate any help.

Thanks
I'm not using iptables so I can't comment on your rules. There are some people who know it quite well though on this forum (win32sux?)

The only thing I could suggest you independently of your rules is to plug ethereal and ask one of your non-working client to connect. Ask them to connect with login/pass and issue a dir/ls (with IE or GUI client, the ls is automatic). Its enough to debug. Tell them to disconnect then
Record all their traffic. Could be a NAT/Firewall issue on their side. You can post the few lines after having changed the IP address (ip adresses in tcp segments and ip adresses in PORT and PASV FTP commands!!), I'll try to help you.
 
Old 03-27-2006, 02:17 AM   #11
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 452

Original Poster
Rep: Reputation: 30
Quote:
The only thing I could suggest you independently of your rules is to plug ethereal and ask one of your non-working client to connect. Ask them to connect with login/pass and issue a dir/ls (with IE or GUI client, the ls is automatic). Its enough to debug. Tell them to disconnect then
Record all their traffic. Could be a NAT/Firewall issue on their side. You can post the few lines after having changed the IP address (ip adresses in tcp segments and ip adresses in PORT and PASV FTP commands!!), I'll try to help you.
I've already done that. Those that can't connect, have tried both passive and active with a lot of clients (TotalCommander, IE Browser, etc). The result is the same: from the client side authentication is done, but it get stuck at the list command.

From the server side here is the sniffed traffic:
Quote:
18:09:07.928076 IP X.X.224.58.2941 > Y.Y.112.116.21: S 3038002036:3038002036(0) win 16384 <mss 1460,nop,nop,sackOK>
18:09:07.928156 IP Y.Y.112.116.21 > X.X.224.58.2941: S 3102450479:3102450479(0) ack 3038002037 win 5840 <mss 1460,nop,nop,sackOK>
18:09:07.937680 IP X.X.224.58.2941 > Y.Y.112.116.21: . ack 1 win 17520
18:09:07.938718 IP Y.Y.112.116.21 > X.X.224.58.2941: P 1:311(310) ack 1 win 5840
18:09:07.955635 IP X.X.224.58.2941 > Y.Y.112.116.21: P 1:15(14) ack 311 win 17210
18:09:07.955674 IP Y.Y.112.116.21 > X.X.224.58.2941: . ack 15 win 5840
18:09:07.955795 IP Y.Y.112.116.21 > X.X.224.58.2941: P 311:351(40) ack 15 win 5840
18:09:07.975637 IP X.X.224.58.2941 > Y.Y.112.116.21: P 15:35(20) ack 351 win 17170
18:09:08.017050 IP Y.Y.112.116.21 > X.X.224.58.2941: . ack 35 win 5840
18:09:08.047380 IP Y.Y.112.116.21 > X.X.224.58.2941: P 351:443(92) ack 35 win 5840
18:09:08.075831 IP X.X.224.58.2941 > Y.Y.112.116.21: P 35:40(5) ack 443 win 17078
18:09:08.075875 IP Y.Y.112.116.21 > X.X.224.58.2941: . ack 40 win 5840
18:09:08.075984 IP Y.Y.112.116.21 > X.X.224.58.2941: P 443:477(34) ack 40 win 5840
18:09:08.183542 IP X.X.224.58.2941 > Y.Y.112.116.21: P 40:48(8) ack 477 win 17044
18:09:08.183699 IP Y.Y.112.116.21 > X.X.224.58.2941: P 477:500(23) ack 48 win 5840
18:09:08.204473 IP X.X.224.58.2941 > Y.Y.112.116.21: P 48:55(7) ack 500 win 17021
18:09:08.204625 IP Y.Y.112.116.21 > X.X.224.58.2941: P 500:532(32) ack 55 win 5840
18:09:08.222579 IP X.X.224.58.2941 > Y.Y.112.116.21: P 55:61(6) ack 532 win 16989
18:09:08.222814 IP Y.Y.112.116.21 > X.X.224.58.2941: P 532:583(51) ack 61 win 5840
18:09:08.250190 IP X.X.224.58.2942 > Y.Y.112.116.5789: S 1732947833:1732947833(0) win 16384 <mss 1460,nop,nop,sackOK>
18:09:08.255633 IP X.X.224.58.2941 > Y.Y.112.116.21: P 61:71(10) ack 583 win 16938
18:09:08.297045 IP Y.Y.112.116.21 > X.X.224.58.2941: . ack 71 win 5840
18:09:11.220281 IP X.X.224.58.2942 > Y.Y.112.116.5789: S 1732947833:1732947833(0) win 16384 <mss 1460,nop,nop,sackOK>
18:09:17.242436 IP X.X.224.58.2942 > Y.Y.112.116.5789: S 1732947833:1732947833(0) win 16384 <mss 1460,nop,nop,sackOK>
18:09:38.263437 IP X.X.224.58.2941 > Y.Y.112.116.21: P 71:77(6) ack 583 win 16938
18:09:38.263452 IP Y.Y.112.116.21 > X.X.224.58.2941: . ack 77 win 5840
18:09:38.268815 IP X.X.224.58.2941 > Y.Y.112.116.21: R 77:77(0) ack 583 win 0
18:09:48.284028 IP X.X.224.58.2945 > Y.Y.112.116.21: S 2203251465:2203251465(0) win 16384 <mss 1460,nop,nop,sackOK>
18:09:48.284058 IP Y.Y.112.116.21 > X.X.224.58.2945: S 3143871223:3143871223(0) ack 2203251466 win 5840 <mss 1460,nop,nop,sackOK>
18:09:48.296823 IP X.X.224.58.2945 > Y.Y.112.116.21: . ack 1 win 17520
18:09:48.325060 IP Y.Y.112.116.21 > X.X.224.58.2945: P 1:311(310) ack 1 win 5840
18:09:48.348262 IP X.X.224.58.2945 > Y.Y.112.116.21: P 1:15(14) ack 311 win 17210
18:09:48.348288 IP Y.Y.112.116.21 > X.X.224.58.2945: . ack 15 win 5840
18:09:48.371539 IP Y.Y.112.116.21 > X.X.224.58.2945: P 311:351(40) ack 15 win 5840
18:09:48.391287 IP X.X.224.58.2945 > Y.Y.112.116.21: P 15:35(20) ack 351 win 17170
18:09:48.432157 IP Y.Y.112.116.21 > X.X.224.58.2945: . ack 35 win 5840
18:09:48.469318 IP Y.Y.112.116.21 > X.X.224.58.2945: P 351:443(92) ack 35 win 5840
18:09:48.489535 IP X.X.224.58.2945 > Y.Y.112.116.21: P 35:43(8) ack 443 win 17078
18:09:48.489568 IP Y.Y.112.116.21 > X.X.224.58.2945: . ack 43 win 5840
18:09:48.489732 IP Y.Y.112.116.21 > X.X.224.58.2945: P 443:466(23) ack 43 win 5840
18:09:48.516826 IP X.X.224.58.2945 > Y.Y.112.116.21: P 43:50(7) ack 466 win 17055
18:09:48.516983 IP Y.Y.112.116.21 > X.X.224.58.2945: P 466:498(32) ack 50 win 5840
18:09:48.539399 IP X.X.224.58.2945 > Y.Y.112.116.21: P 50:56(6) ack 498 win 17023
18:09:48.539520 IP Y.Y.112.116.21 > X.X.224.58.2945: P 498:550(52) ack 56 win 5840
18:09:48.557060 IP X.X.224.58.2946 > Y.Y.112.116.63594: S 2627361435:2627361435(0) win 16384 <mss 1460,nop,nop,sackOK>
18:09:48.562596 IP X.X.224.58.2945 > Y.Y.112.116.21: P 56:66(10) ack 550 win 16971
18:09:48.6048X.IP Y.Y.112.116.21 > X.X.224.58.2945: . ack 66 win 5840
18:09:51.451X. IP X.X.224.58.2946 > Y.Y.112.116.63594: S 2627361435:2627361435(0) win 16384 <mss 1460,nop,nop,sackOK>
18:09:57.471852 IP X.X.224.58.2946 > Y.Y.112.116.63594: S 2627361435:2627361435(0) win 16384 <mss 1460,nop,nop,sackOK>


The logs from fure-ftp in debugging mode:

Mar 23 18:09:07 host1 pure-ftpd: (?@X.X.224.58) [INFO] New connection from X.X.224.58
Mar 23 18:09:07 host1 pure-ftpd: (?@X.X.224.58) [DEBUG] 220---------- Welcome to Pure-FTPd [TLS] ----------
Mar 23 18:09:07 host1 pure-ftpd: (?@X.X.224.58) [DEBUG] 220-You are user number 2 of 50 allowed.
Mar 23 18:09:07 host1 pure-ftpd: (?@X.X.224.58) [DEBUG] 220-Local time is now 18:09. Server port: 21.
Mar 23 18:09:07 host1 pure-ftpd: (?@X.X.224.58) [DEBUG] 220-This is a private system - No anonymous login
Mar 23 18:09:07 host1 pure-ftpd: (?@X.X.224.58) [DEBUG] 220-IPv6 connections are also welcome on this server.
Mar 23 18:09:07 host1 pure-ftpd: (?@X.X.224.58) [DEBUG] 220 You will be disconnected after 15 minutes of inactivity.
Mar 23 18:09:07 host1 pure-ftpd: (?@X.X.224.58) [DEBUG] Command [user] [useruser]
Mar 23 18:09:07 host1 pure-ftpd: (?@X.X.224.58) [DEBUG] 331 User useruser OK. Password required
Mar 23 18:09:07 host1 pure-ftpd: (?@X.X.224.58) [DEBUG] Command [pass] [<*>]
Mar 23 18:09:08 host1 pure-ftpd: (?@X.X.224.58) [INFO] useruser is now logged in
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] 230-User useruser has group access to: useruser
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] 230 OK. Current restricted directory is /
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] Command [pwd] []
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] 257 "/" is your current location
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] Command [type] [A]
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] 200 TYPE is now ASCII
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] Command [cwd] [/]
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] 250 OK. Current directory is /
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] Command [pasv] []
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] 227 Entering Passive Mode (Y,Y,112,116,22,157)
Mar 23 18:09:08 host1 pure-ftpd: (useruser@X.X.224.58) [DEBUG] Command[list] [-al]




What is annoying me is that when the firewall is stopped all clients can connect. When it is started most of them can connect, but not all. That means that the problem is a server-side problem or a combination.

Thanks a lot for your help.
I really don't know what else to do...
 
Old 03-27-2006, 02:31 AM   #12
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 52
I look at it now, I would have prefered 2 or 3 lines with the contents of the packet. Nevermind

Meanwhile, in iptables you can log which drop/reject rule is hit? so you should be able to see which rule blocks a packet?

Do you also load a NAT/masquerade ip_tables module? which if wrong would translate an IP (in tcp headers or in ftp data) to a wrong IP.
 
Old 03-27-2006, 03:18 AM   #13
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 52
Code:
HANDSHAKE
18:09:07.928076 IP X.X.2941 > Y.Y.21: S 3038002036:3038002036(0) win 16384 <mss 1460,nop,nop,sackOK>
18:09:07.928156 IP Y.Y.21 > X.X.2941: S 3102450479:3102450479(0) ack 3038002037 win 5840 <mss 1460,nop,nop,sackOK>
18:09:07.937680 IP X.X.2941 > Y.Y.21: . ack 1 win 17520

Server Sending /etc/issue
18:09:07.938718 IP Y.Y.21 > X.X.2941: P 1:311(310) ack 1 win 5840

Sending username
18:09:07.955635 IP X.X.2941 > Y.Y.21: P 1:15(14) ack 311 win 17210
18:09:07.955674 IP Y.Y.21 > X.X.2941: . ack 15 win 5840


18:09:07.955795 IP Y.Y.21 > X.X.2941: P 311:351(40) ack 15 win 5840
18:09:07.975637 IP X.X.2941 > Y.Y.21: P 15:35(20) ack 351 win 17170
18:09:08.017050 IP Y.Y.21 > X.X.2941: . ack 35 win 5840
18:09:08.047380 IP Y.Y.21 > X.X.2941: P 351:443(92) ack 35 win 5840

Sending passwd
18:09:08.075831 IP X.X.2941 > Y.Y.21: P 35:40(5) ack 443 win 17078
18:09:08.075875 IP Y.Y.21 > X.X.2941: . ack 40 win 5840
18:09:08.075984 IP Y.Y.21 > X.X.2941: P 443:477(34) ack 40 win 5840
18:09:08.183542 IP X.X.2941 > Y.Y.21: P 40:48(8) ack 477 win 17044
18:09:08.183699 IP Y.Y.21 > X.X.2941: P 477:500(23) ack 48 win 5840

Sending LIST or PASV
18:09:08.204473 IP X.X.2941 > Y.Y.21: P 48:55(7) ack 500 win 17021
18:09:08.204625 IP Y.Y.21 > X.X.2941: P 500:532(32) ack 55 win 5840
18:09:08.222579 IP X.X.2941 > Y.Y.21: P 55:61(6) ack 532 win 16989

Sending PASV or LIST
18:09:08.222814 IP Y.Y.21 > X.X.2941: P 532:583(51) ack 61 win 5840

Client connecting to server
18:09:08.250190 IP X.X.2942 > Y.Y.5789: S 1732947833:1732947833(0) win 16384 <mss 1460,nop,nop,sackOK>
<NO RESPONSE FROM SERVER!!>

Client Acking PASSIVE MODE Y,Y,112,116,PortH,PortL
18:09:08.255633 IP X.X.2941 > Y.Y.21: P 61:71(10) ack 583 win 16938
18:09:08.297045 IP Y.Y.21 > X.X.2941: . ack 71 win 5840

Client trying to connect again. This should pass?
18:09:11.220281 IP X.X.2942 > Y.Y.5789: S 1732947833:1732947833(0) win 16384 <mss 1460,nop,nop,sackOK>


<NO RESPONSE FROM SERVER!!>

Client trying to connect again
18:09:17.242436 IP X.X.2942 > Y.Y.5789: S 1732947833:1732947833(0) win 16384 <mss 1460,nop,nop,sackOK>

Client sending ls again
18:09:38.263437 IP X.X.2941 > Y.Y.21: P 71:77(6) ack 583 win 16938

Server acking
18:09:38.263452 IP Y.Y.21 > X.X.2941: . ack 77 win 5840

18:09:38.268815 IP X.X.2941 > Y.Y.21: R 77:77(0) ack 583 win 0

18:09:48.284028 IP X.X.2945 > Y.Y.21: S 2203251465:2203251465(0) win 16384 <mss 1460,nop,nop,sackOK>
18:09:48.284058 IP Y.Y.21 > X.X.2945: S 3143871223:3143871223(0) ack 2203251466 win 5840 <mss 1460,nop,nop,sackOK>
Humm yes its definetly your firewall blocking this passive connection.
Are there passive transfers working?

What client is it? Seems to be a windows, IE? Can you ask the person to use another client to be sure ?

It seems to me that (in italic) the client is not even waiting for the acknowledge of the server before trying to connect. So maybe the ftp_conntrack has not yet opened the port.
Still where I've put "this should pass", the server/ftp_conntrack has now opened the port and afaik it should pass (unless you block someone aggressively port scanning a closed port)

Not so clear

Last edited by nx5000; 03-27-2006 at 03:19 AM.
 
Old 03-27-2006, 09:11 AM   #14
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 452

Original Poster
Rep: Reputation: 30
thanks for your analyze. It was very clear and documented.
I understand that the firewall is not opening the right port or something like this. So server-side problem...
What I don’t understand is why some clients can connect and the others can't. The server-conditions are the same…
The server(iptables & pure-ftp) can't act different based on the client which try to connect. This is really weird...


Quote:
What client is it? Seems to be a windows, IE? Can you ask the person to use another client to be sure?
There are users which used both IE and Total Commander. The result is the same...

I really don’t find the explanation for this. My next step is to log the dropped packets from iptables..


Thanks again
 
Old 03-27-2006, 09:46 AM   #15
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 52
Quote:
What I donít understand is why some clients can connect and the others can't
Just to be sure (maybe I missed an episode..) but have you seen some passive ftp client connect to your server?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FTP server stuck in passive with iptables running. TheRealDeal Linux - Security 5 02-24-2005 04:57 PM
FTP server (Windows) behind NAT (IPtables) SWAT Linux - Newbie 10 01-08-2004 12:54 PM
Allowing access to FTP server on LAN using IPTABLES - Help please sergio3986 Linux - Security 2 12-18-2003 12:22 PM
FTP server w/ IPTables clergykid Linux - Security 2 02-09-2003 02:49 PM
iptables router with ftp server bbenz3 Linux - Networking 6 02-26-2002 11:45 AM


All times are GMT -5. The time now is 06:15 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration