Hi,

I am a newbie and am having a problem setting up a FTP server on RH 7.3 with IPTables as my firewall.

I'm just trying to do something very simple initially as a test. I know my FTP server works perfectly when I set the default policy for the INPUT chain to be "ACCEPT". But obviously this is bad security, so then I changed the default policy for INPUT to "DROP", and then added rules for the FTP ports. I added lines like

$iptables -a input -i $extif -p tcp --dport 21 -j accept #for control
$iptables -a input -i $extif -p tcp --dport 20 -j accept #for data

But then nothing worked, my FTP client just stops at the "Connected to xxx.xxx.xxx.xxx port 21" line, and I get no login prompts, nothing.

The interesting thing is that I added in the same rule for port 22 for my SSH server, and my SSH still works perfectly (though login became very slow).

I know it's the firewall that's causing the problem, but I don't know what else to try. I have no idea how to fix it!

Any help would be great, thanks!

You need to let the traffic of your passive FTP through also. And btw, you don't need FTP-DATA (port 20) to let through like that, the connection to FTP-DATA won't be new, etc.

Read up on stateful firewalls and connection tracking if you need more help!

Thanks for the info

But I thought that for the simplest case of "active" FTP, that I would just need to open ports 20 and 21. I just want to test that and play around with more secure settings and passive mode later.

But so far haven't gotten it working with just ports 20 and 21. I don't know if it's there's something else I have to set or what. So far things only work if I accept everything on the INPUT chain.