Old 09-02-2004, 03:00 AM   #1
SiLiCoN
Member
 
Registered: Sep 2004
Location: India
Distribution: Solaris 9, FreeBSD 4.10, Slackware, RedHat, Knoppix,
Posts: 84

Rep: Reputation: 16
An FTP problem (?)


Hi All,

This is the first time I am here and with a confusing question (for me at least).
The problem is ... I wanted to block all outgoing FTP connections from my server and so I quoted the
#ftp 21/tcp
#ftp 21/udp fsp fspd
in /etc/services file ...
now, this worked partly as I could not run ftp command from my shell
ftp: ftp/tcp: unknown service <--- that is what I get and that is OK

but I ran a perl script and was able to upload files to different servers which uses Net::FTP (I guess it uses port 21 too)... that was surprising

Moreover I could still connect to that server using FTP from other machines to the server (though the port 21 in the server is blocked ?) - that is surprising too, though my initial intention was to block all outgoing FTP connections from the server, but I guess when I block port 21 it should block all incoming FTP connections too.

What I understand is that ftp daemon still runs on the server and that's why I can connect but what I don't understand is how can I connect to the server if port 21 is blocked???

Also I ran an nmap on the server and found out
Port State Service
21/tcp open ftp
(port 21 is open ?)

It would be great help if someone can tell me what's going on and how can I actually achieve to block outgoing FTP and incoming FTP individually...
oh! forgot to mention, my server is running RedHat 9.0 (if that helps!)

Thanks in advance
 
Old 09-02-2004, 03:16 AM   #2
nukkel
Member
 
Registered: Mar 2003
Location: Belgium
Distribution: Hardened gentoo
Posts: 323

Rep: Reputation: 30
Hi, and welcome

actually that's not the purpose of the /etc/services file, it's only there to define what protocol is what port#, so that the "ftp" command for example, knows it has to connect to port 21. Some programs don't use this file and directly connect to 21, without consulting /etc/services... as you noticed.

The solution is to block it in the firewall. Maybe RedHat has some program for configuring the firewall, I'm not sure. But if it doesn't, here's how you can do it in the shell:
Code:
iptables -A OUTPUT -p tcp --destination-port 21 -j DROP
This will DROP (block) all OUTgoing tcp traffic to (remote) port 21.
Likewise,
Code:
iptables -A INPUT -p tcp --destination-port 21 -j DROP
drops all incoming traffic to your ftp port.

Again, it's possible Redhat has some gui config program for this too, better check that out first

hope this helped, feel free to ask for more clarification
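
The distinction drawn in the reply above, as an added example that is not part of the thread: commenting entries out of /etc/services only removes a name-to-port lookup, and a client that connects by number never consults it. The sample file text, the function names and the loopback listener standing in for a remote FTP server are assumptions made for the illustration.

```python
import socket

# Constructed sample: an /etc/services excerpt with the ftp entries
# commented out as in the first post, plus one untouched entry.
SERVICES_TEXT = """\
#ftp            21/tcp
#ftp            21/udp          fsp fspd
ssh             22/tcp                          # SSH Remote Login Protocol
"""

def parse_services(text):
    """Return {(name, proto): port} for every active line, aliases included."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                           # malformed line
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:
            table.setdefault((name, proto), int(port))
    return table

def resolve(table, name, proto="tcp"):
    """Name-to-port lookup, the only job of the services file."""
    return table.get((name, proto))            # None means "unknown service"

def connect_by_number(port, host="127.0.0.1"):
    """Connect to a numeric port; the services table is never consulted."""
    with socket.create_connection((host, port), timeout=2):
        return True

def demo():
    table = parse_services(SERVICES_TEXT)
    # Loopback listener on an ephemeral port stands in for a remote FTP
    # server (assumption: binding port 21 itself would need root).
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        return resolve(table, "ftp"), connect_by_number(port)

if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(None, True)`: the name lookup fails while the numeric connection succeeds, which is why the block has to be enforced with the iptables rules from the reply.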
 
Old 09-02-2004, 04:52 AM   #3
SiLiCoN
Member
 
Registered: Sep 2004
Location: India
Distribution: Solaris 9, FreeBSD 4.10, Slackware, RedHat, Knoppix,
Posts: 84

Original Poster
Rep: Reputation: 16
Thanks a lot!

Thanks for the help....it worked out and now I also know the purpose of services file

Thanks for the help
 
  

