iptables rule for ftp
Hi,
I was wondering if someone could suggest a rule or combination of rules to allow vsftpd to work behind iptables? It works when the firewall is down. This is the rule I have at the moment which is not working:
Code:
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
my vsftpd.conf file:
Code:
anonymous_enable=NO
|
You'll need both the control and data ports (20, 21). But this brings in the active or passive FTP server argument. I'd have to google it, but one of them opens a dynamic random port while the other only uses the (20, 21) ports.
|
OK, I think I might be getting somewhere.
Code:
modprobe ip_conntrack_ftp
Any suggestions for improved iptables rules are still welcome. Cheers
|
And you generally need an ESTABLISHED,RELATED rule to deal with the dynamic higher ports.
|
In vsftpd.conf, use pasv_min_port and pasv_max_port to establish a range of passive ports you'd like to use. Then add a rule in iptables that unblocks those ports.
Example:
vsftpd.conf
Code:
pasv_enable=YES
pasv_min_port=11001
pasv_max_port=11010
iptables
Code:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 11001:11010 -j ACCEPT
|
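An added example, not posted by anyone in this thread: a small POSIX shell script that reads pasv_min_port/pasv_max_port out of a vsftpd.conf and prints the matching iptables rules (control port, ESTABLISHED,RELATED, and the passive range), so the range the firewall opens is always the one vsftpd advertises. The config file is a constructed sample; the function names and the nf_conntrack_ftp module name are my choices (the thread uses the older ip_conntrack_ftp name). The rules are only printed, never applied.

```shell
#!/bin/sh
# Added example: derive iptables rules for vsftpd from its own config so the
# firewall's passive range and the server's passive range cannot drift apart.
# Nothing here runs iptables; review the output and apply it as root yourself.

# Constructed sample vsftpd.conf (the real file is usually /etc/vsftpd.conf).
sample_conf_file() {
    f=$(mktemp) || return 1
    printf '%s\n' 'anonymous_enable=NO' 'pasv_enable=YES' \
        'pasv_min_port=11001' 'pasv_max_port=11010' > "$f"
    printf '%s\n' "$f"
}

# conf_get FILE KEY: print the value of "KEY=value" (last occurrence wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# pasv_range FILE: print "MIN MAX" when the config declares a usable passive
# range; otherwise explain on stderr and fail. pasv_enable defaults to YES in
# vsftpd, so only an explicit NO turns passive mode off.
pasv_range() {
    enabled=$(conf_get "$1" pasv_enable)
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)
    if [ "$enabled" = "NO" ]; then
        echo "pasv_enable=NO: passive mode is off, no data range to open" >&2
        return 1
    fi
    for v in "$min" "$max"; do
        case "$v" in
            ""|*[!0-9]*) echo "pasv_min_port/pasv_max_port missing or not numeric" >&2
                         return 1 ;;
        esac
    done
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "bad passive range $min-$max" >&2
        return 1
    fi
    printf '%s %s\n' "$min" "$max"
}

# ftp_rules FILE: print the rule set for the passive range found in FILE.
ftp_rules() {
    range=$(pasv_range "$1") || return 1
    min=${range% *}
    max=${range#* }
    cat <<EOF
# FTP conntrack helper: lets the kernel mark data connections as RELATED
modprobe nf_conntrack_ftp
# Replies to anything we started, plus helper-tracked data connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New control connections
iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Passive data connections: exactly the range vsftpd.conf advertises
iptables -A INPUT -p tcp --dport $min:$max -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Usage: ./ftp_rules.sh /etc/vsftpd.conf   (prints the rules for that config)
if [ -n "$1" ]; then
    ftp_rules "$1"
fi
```

The explicit range rule matters even with the helper loaded: the helper reads port numbers out of the control channel, so it sees nothing once the control channel is TLS-encrypted (FTPS), and on kernels from 4.7 onward helpers are no longer attached automatically unless nf_conntrack_helper is enabled or a CT target assigns them. Keeping the range small (ten ports in the thread's example) and reading it from the config rather than retyping it keeps the exposed surface to what vsftpd actually uses.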
Thanks |