LinuxQuestions.org

hct224 05-24-2004 01:27 AM

FTP & iptables firewall
 
I set up the iptables firewall to "trust" port 21 and I am able to ftp to the server. However, when I tried to download and upload files, it showed this message:

227 Entering Passive Mode (192.168.0.5,124,89)
ftp: connect: No route to host


It works fine if I shut down iptables. How am I going to set up iptables to make my FTP work?

Thanks

bipul4b 05-24-2004 05:20 AM

Hi,

You are right that you "trust" port 21 for FTP, so you can log in to the server. But when FTP transfers data it uses different ports other than 21, so you also have to configure that port to transfer your files (upload or download) with the help of FTP.


You can use "ftp-data" as the protocol name,

so allow ftp-data in the firewall.


Bye

adm1329 05-24-2004 10:25 AM

Which FTP program are you using?

digitaldude 05-04-2012 05:30 AM

vsftpd v 2.x

acid_kewpie 05-04-2012 05:34 AM

Please don't drag up dead threads. It is often very confusing for others who think the question is still relevant.

war49 05-04-2012 05:50 AM

Quote:

Originally Posted by hct224 (Post 950331)
It works fine if I shut down iptables. How am I going to set up iptables to make my FTP work?

Thanks

Hi,
Can you display your iptables rule for your FTP?

acid_kewpie 05-04-2012 05:57 AM

No he can't, he posted that 8 years ago.

war49 05-04-2012 10:20 AM

Oh... I did not read the date and time he posted.

snowmobile74 05-04-2012 12:13 PM

Quote:

Originally Posted by hct224 (Post 950331)
I set up the iptables firewall to "trust" port 21 and I am able to ftp to the server. However, when I tried to download and upload files, it showed this message:

227 Entering Passive Mode (192.168.0.5,124,89)
ftp: connect: No route to host


It works fine if I shut down iptables. How am I going to set up iptables to make my FTP work?

Thanks

Edit, just like bipul4b said basically.

Well, you're halfway there, but if you didn't open port 20 you'll never get there. Are you currently forwarding 20 to something else? That would explain the ICMP no route message you receive back.

You may also want to add this to your /etc/hosts.allow

ftpd : ALL : allow


Differences from HTTP
FTP operates on the application layer of the OSI model, and is used to transfer files using TCP/IP. To do so, an FTP server has to be running and waiting for incoming requests. The client computer is then able to communicate with the server on port 21. This connection, called the control connection, remains open for the duration of the session. A second connection, called the data connection, can either be opened by the server from its port 20 to a negotiated client port (active mode), or by the client from an arbitrary port to a negotiated server port (passive mode) as required to transfer file data. The control connection is used for session administration, for example commands, identification and passwords exchanged between the client and the server using a telnet-like protocol. For example "RETR filename" would transfer the specified file from the server to the client. Due to this two-port structure, FTP is considered an out-of-band protocol, as opposed to an in-band protocol such as HTTP.
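
The port arithmetic behind the 227 reply quoted in this thread, together with a rule set that admits passive-mode data connections, as an added example that is not part of any post. The function names and the 50000-50100 range are assumptions; pasv_min_port and pasv_max_port are vsftpd options, and the script only prints rules, it does not apply them.

```shell
#!/bin/sh
# Added example (not from the thread): decode a 227 reply, then print, without
# applying, iptables rules that admit passive-mode data connections.

# pasv_endpoint "<227 reply>" prints "ip:port"; the data port is p1*256 + p2.
# Accepts the RFC 959 comma form and the dotted form quoted in the thread.
pasv_endpoint() {
    nums=$(printf '%s\n' "$1" |
        sed -n 's/^227 .*(\([0-9,. ]*\)).*$/\1/p' | tr '.' ',' | tr -d ' ')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        [ -n "$n" ] && [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# port_allowed <port> <min> <max>: would a pinned passive range admit this port?
port_allowed() { [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

# ftp_rules <min> <max>: rules for a server whose passive ports are pinned to
# min..max (vsftpd: pasv_min_port / pasv_max_port). The range is an assumption.
ftp_rules() {
    [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ] || return 1
    cat <<EOF
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp --dport $1:$2 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# The reply quoted in the thread, against a constructed range of 50000-50100.
reply='227 Entering Passive Mode (192.168.0.5,124,89)'
ep=$(pasv_endpoint "$reply")
echo "server asked the client to connect to $ep"
if port_allowed "${ep##*:}" 50000 50100; then
    echo "port is inside the pinned range"
else
    echo "port is outside 50000-50100: pin vsftpd to the range you open"
fi
ftp_rules 50000 50100
```

Where the nf_conntrack_ftp helper is loaded and assigned to port 21, an unencrypted passive data connection is matched by the RELATED rule, so the port-range rule can be left out.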

acid_kewpie 05-04-2012 02:43 PM

Oh good grief, read my replies, you're just wasting your time.


All times are GMT -5.