LinuxQuestions.org
Old 02-09-2003, 03:23 AM   #1
clergykid
LQ Newbie
 
Registered: Feb 2003
Location: Canada
Distribution: Debian
Posts: 24

Rep: Reputation: 15
FTP server w/ IPTables


Hi,

I am a newbie and am having a problem setting up an FTP server on RH 7.3 with IPTables as my firewall.

I'm just trying to do something very simple initially as a test. I know my FTP server works perfectly when I set the default policy for the INPUT chain to be "ACCEPT". But obviously this is bad security, so then I changed the default policy for INPUT to "DROP", and then added rules for the FTP ports. I added lines like

$iptables -A INPUT -i $extif -p tcp --dport 21 -j ACCEPT #for control
$iptables -A INPUT -i $extif -p tcp --dport 20 -j ACCEPT #for data

But then nothing worked; my FTP client just stops at the "Connected to xxx.xxx.xxx.xxx port 21" line, and I get no login prompt, nothing.

The interesting thing is that I added in the same rule for port 22 for my SSH server, and my SSH still works perfectly (though login became very slow).

I know it's the firewall that's causing the problem, but I don't know what else to try. I have no idea how to fix it!

Any help would be great, thanks!
 
Old 02-09-2003, 04:15 AM   #2
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
You need to let the traffic of your passive FTP through also. And btw, you don't need to let FTP-DATA (port 20) through like that; the connection to FTP-DATA won't be new, etc.

Read up on stateful firewalls and connection tracking if you need more help!
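The stateful rule markus1982 is pointing at, as an added example that is not code from this thread. It assumes eth0 as the external interface and uses the 2003-era `-m state` match (current iptables also accepts `-m conntrack --ctstate` with the same state names).

```shell
#!/bin/sh
# Added example (not code from the thread): a minimal stateful INPUT chain for an
# FTP server whose default INPUT policy is DROP. Variable names follow the first
# post; EXTIF=eth0 is an assumed value.
IPTABLES=${IPTABLES:-iptables}
EXTIF=${EXTIF:-eth0}

ftp_rules() {
    $IPTABLES -P INPUT DROP
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # The stateful rule. ESTABLISHED admits replies on any connection already
    # tracked, including the active-mode data connection the server itself opens
    # from port 20, and replies to the server's own outbound DNS/ident lookups,
    # which a bare DROP policy otherwise leaves hanging until they time out.
    # RELATED admits the passive-mode data connection once the FTP conntrack
    # helper is loaded.
    $IPTABLES -A INPUT -i "$EXTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only genuinely new inbound connections need a rule of their own: the FTP
    # control channel and SSH. No rule for port 20 is needed.
    $IPTABLES -A INPUT -i "$EXTIF" -p tcp --dport 21 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -i "$EXTIF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

case "${1:-}" in
    apply)
        # Kernel 2.4 name of the helper (RH 7.3 era). On current kernels it is
        # nf_conntrack_ftp and must also be assigned with a raw-table CT rule.
        modprobe ip_conntrack_ftp
        ftp_rules ;;
    *)
        # Dry run (no argument): print the rules that would be applied.
        ( IPTABLES=echo; ftp_rules ) ;;
esac
```

Run it with `apply` as the only argument to load the rules; without an argument it only prints them, which is a cheap way to review the chain before touching a remote box.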
 
Old 02-09-2003, 03:49 PM   #3
clergykid
LQ Newbie
 
Registered: Feb 2003
Location: Canada
Distribution: Debian
Posts: 24

Original Poster
Rep: Reputation: 15
Thanks for the info

But I thought that for the simplest case of "active" FTP, I would just need to open ports 20 and 21. I just want to test that and play around with more secure settings and passive mode later.

But so far I haven't gotten it working with just ports 20 and 21. I don't know if there's something else I have to set or what. So far things only work if I accept everything on the INPUT chain.
 
  

