Firewall problem while connecting ftp
Dear all,
Error: Connection timed out
Error: Failed to retrieve directory listing

I have configured an iptables firewall rule on a Linux server. The firewall is enabled and I have opened port 21 for FTP, but I was not able to access FTP, and I have checked that FTP is running on port 21 only. I searched on Google for a solution but was not able to find one. Can anyone help me with this issue? Below is my iptables configuration file.

[root@ram ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Tue Sep 13 11:40:31 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [639194:1105072488]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -s 69.33.55.89 -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -s 102.88.211.8 -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -s 69.33.55.89 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 102.88.211.8 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Sep 13 11:40:31 2011

Thanks in advance, |
Try opening port 20 as well. Also please tell us what error you get when trying to connect via FTP
RMI |
I think you should add a rule like
-A RH-Firewall-1-INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT |
When I tried logging in to FTP from the command prompt I was able to log in, but through a GUI like FileZilla or Internet Explorer I was not able to log in. Can anyone help me with this? Below is the error I am getting while connecting to the server through FTP:
Status: Connecting to 88.25.66.15:21...
Status: Connection established, waiting for welcome message...
Response: 220 (vsFTPd 2.0.5)
Command: USER ecare
Response: 331 Please specify the password.
Command: PASS *******
Response: 230 Login successful.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/opt/apps"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (78,31,69,165,124,248)
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing

Thanks |
Did you open port 20? You need to configure your FTP server to use a certain port range for passive connections and then open that port range in the firewall as well.
Since you are using vsftpd you need to add this to vsftpd.conf:
Code:
pasv_min_port=50000
pasv_max_port=51000
Code:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50000:51000 -j ACCEPT |
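As an added illustration (not part of the thread and not any poster's code), this script decodes the 227 Entering Passive Mode reply from the FileZilla log and checks whether the posted rules accept a new TCP connection to that data port. The function names are made up for this example, and the second PASV reply is constructed.

```bash
# Added example, not from the thread. Models only static "-p tcp ... --dport"
# ACCEPT rules without a source restriction, as in the posted rule set.

# pasv_port REPLY: print the data port from "227 ... (h1,h2,h3,h4,p1,p2)".
pasv_port() {
    set -- $(printf '%s\n' "$1" | sed -n \
        's/.*(\([0-9][0-9]*,\)\{4\}\([0-9][0-9]*\),\([0-9][0-9]*\)).*/\2 \3/p')
    [ $# -eq 2 ] || return 1
    echo $(( $1 * 256 + $2 ))          # port = p1*256 + p2
}

# port_allowed PORT RULES: succeed if some rule accepts TCP to PORT.
port_allowed() {
    local port="$1" rules="$2" line spec lo hi
    while IFS= read -r line; do
        case "$line" in
            *" -s "*) continue ;;      # source-restricted: not for arbitrary clients
            *"-p tcp"*"--dport "*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        spec=${line##*"--dport "}; spec=${spec%% *}
        lo=${spec%%:*}; hi=${spec##*:}  # "21" -> 21..21, "50000:51000" -> range
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi
    done <<EOF
$rules
EOF
    return 1
}

# check REPLY RULES: print "<port> open", "<port> blocked" or "unparseable".
check() {
    local p
    p=$(pasv_port "$1") || { echo "unparseable"; return 0; }
    if port_allowed "$p" "$2"; then echo "$p open"; else echo "$p blocked"; fi
}

# Rules copied from the thread: the original post, then with the suggested range.
ORIGINAL_RULES='-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
FIXED_RULES="$ORIGINAL_RULES
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50000:51000 -j ACCEPT"

check '227 Entering Passive Mode (78,31,69,165,124,248)' "$ORIGINAL_RULES"
# Constructed reply with a port inside the pinned range (195*256+90 = 50010).
check '227 Entering Passive Mode (78,31,69,165,195,90)' "$FIXED_RULES"
```

The port in the logged reply falls outside every --dport rule in the original configuration, which matches the timeout on LIST right after PASV.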