LinuxQuestions.org (https://www.linuxquestions.org/questions/) - Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
Thread: Configure Active FTP in Firewall through iptables (https://www.linuxquestions.org/questions/linux-newbie-8/configure-active-ftp-in-firewall-through-iptables-725156/)

atpchn 05-11-2009 05:15 AM

Configure Active FTP in Firewall through iptables
 
Hi everyone,

I have a LAN and a Linux machine which is used as the gateway; internet access for the LAN goes through the Linux machine.

When I access the FTP server, I am able to connect. But I am not able to view the files/directories through the ls command.

My Linux Firewall is blocking the active FTP session.

Please give me the steps to configure active FTP with iptables.

Thanks

bhaslinux 05-11-2009 05:54 AM

Did you try the passive command? Does it work?
To enable active FTP you need to redirect ports 20 and 21 to the FTP machine (using virtual server ...) in your DSL.

iptables may not be playing a big role here, but if you are blocking input using iptables then
this might help:

Code:

# accept inbound connections to the FTP data (20) and control (21) ports on this host
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

atpchn 05-11-2009 06:04 AM

Passive mode works fine. It displays the entire directory structure.
But when opening in ASCII mode, the ls command just hangs.

I have only given the following rules in the firewall for internet access.

Code:

# flush the filter table and build a "block" chain for traffic addressed to the gateway itself
iptables -F
iptables -N block
# replies and related connections are always allowed
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# new connections are accepted from any interface except the internet NIC eth0
# (extrapositioned negation "! -i eth0"; the older "-i ! eth0" form is deprecated)
iptables -A block -m state --state NEW ! -i eth0 -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -j block
# clamp the MSS on forwarded SYNs (PPPoE links) and masquerade the LAN behind eth0
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Help me to configure FTP to work with ASCII.
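The rule set above accepts RELATED connections, but conntrack can only classify the server's port-20 data connection as RELATED if the FTP helper has parsed the PORT command on the control connection, and the private LAN address the client puts into that PORT command has to be rewritten by the FTP NAT helper so the server connects back to the gateway's public address. Neither module is loaded by the rules as posted, so the directory listing, which travels over the data connection, never arrives and ls hangs. Below is an added example of a gateway script that loads both helpers and builds a matching rule set; it is not code from this thread or from any poster. Assumed names that are not in the original post: the LAN NIC is eth1 and the LAN is 192.168.1.0/24 (eth0 as the internet NIC is the poster's). The script uses `-m conntrack --ctstate`, the current spelling of `-m state --state`, and binds the ftp helper explicitly with a raw-table CT rule because kernels from 4.7 onwards no longer attach helpers automatically:

```shell
#!/bin/sh
# Added example (not code from the thread). Gateway rules that let LAN clients
# use active FTP through a two-NIC Linux NAT box. Assumed names, not from the
# original post: LAN NIC eth1, LAN network 192.168.1.0/24. Set IPT=echo and
# MODPROBE=echo for a dry run that only prints the commands it would execute.

LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

ipt()  { "${IPT:-iptables}" "$@"; }
modp() { "${MODPROBE:-modprobe}" "$@"; }

# nf_conntrack_ftp follows PORT/PASV on the control channel so the data
# connection is tracked as RELATED; nf_nat_ftp rewrites the private client
# address inside the PORT command to the masqueraded public address.
load_ftp_helpers() {
    # 2.6-era kernels shipped these as ip_conntrack_ftp / ip_nat_ftp.
    modp nf_conntrack_ftp 2>/dev/null || modp ip_conntrack_ftp
    modp nf_nat_ftp       2>/dev/null || modp ip_nat_ftp
}

ftp_gateway_rules() {
    ipt -F
    ipt -X block 2>/dev/null || true
    ipt -t nat -F
    ipt -t raw -F

    # Kernels 4.7+ default to nf_conntrack_helper=0, so bind the ftp helper to
    # control connections explicitly (harmless on older kernels that still
    # auto-assign it). OUTPUT covers the gateway acting as an FTP client itself.
    ipt -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
    ipt -t raw -A OUTPUT     -p tcp --dport 21 -j CT --helper ftp

    # Traffic to the gateway itself: replies, anything not from the internet
    # NIC, drop the rest (the thread's "block" chain, negation in current form).
    ipt -N block
    ipt -A block -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A block -m conntrack --ctstate NEW ! -i "$WAN_IF" -j ACCEPT
    ipt -A block -j DROP
    ipt -A INPUT -j block

    # Forwarded traffic: clamp MSS for PPPoE links, let RELATED/ESTABLISHED
    # through (the server's port-20 data connection matches RELATED only
    # because the helper saw the PORT command), let the LAN open new outbound
    # connections, and drop everything else instead of relying on the default
    # ACCEPT policy.
    ipt -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT
    ipt -A FORWARD -j DROP

    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

if [ "${1:-}" = "apply" ]; then
    load_ftp_helpers
    ftp_gateway_rules
fi
```

Run it as root with `sh ftp-gateway.sh apply`; `IPT=echo MODPROBE=echo sh ftp-gateway.sh apply` prints the commands without touching the firewall. After applying, `lsmod | grep nf_conntrack_ftp` should list both helper modules, and an active-mode ls from a LAN client works even with the FORWARD chain ending in DROP, because the inbound port-20 SYN is now RELATED rather than NEW.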

bhaslinux 05-11-2009 06:59 AM

If this Linux machine is the gateway, then what is it connected to?
If this is the gateway, the gateway must also be able to forward the port 20 packets to the
Linux machine. Is this taken care of?

i.e. if the gateway is a DSL modem, there must be a virtual server option which can be used
to forward ports to the Linux machine.

atpchn 05-11-2009 07:25 AM

The Linux machine has two NICs. One is used as the gateway for the LAN and the other NIC is directly connected to the internet.

Through the Linux machine the internet works for the LAN.

iptables needs to be configured on the Linux machine.

baig 05-11-2009 07:52 AM

I think the best way to generate a complete firewall script according to your needs is:

http://easyfwgen.morizot.net/gen/

Have a look and generate according to your needs and the services you need to enable.

Cheers!!

atpchn 05-11-2009 07:59 AM

I have configured the firewall for internet access for the entire LAN.
But the only problem is active FTP.
Through active FTP, I am not able to view the list of files on the FTP server.
It just hangs on the 'ls' command.
