05-24-2004, 12:27 AM
|
#1
|
Member
Registered: Jun 2003
Distribution: Redhat
Posts: 87
Rep:
|
FTP & iptables firewall
I set up an iptables firewall to "trust" port 21 and I am able to ftp to the server. However, when I tried to download and upload files, it showed this message:
227 Entering Passive Mode (192.168.0.5,124,89)
ftp: connect: No route to host
It works fine if I shut down iptables. How am I going to set up iptables to make my FTP work?
Thanks
|
|
|
05-24-2004, 04:20 AM
|
#2
|
LQ Newbie
Registered: May 2004
Location: India
Distribution: redhat
Posts: 21
Rep:
|
Hi,
You are right that you "trust" port 21 for FTP, so you can log in to the server. But when FTP transfers data, it uses different ports other than 21, so you also have to configure that port to transfer your files (upload or download) with the help of FTP.
You can use "ftp-data" as the protocol name,
so allow ftp-data in the firewall.
Bye
|
|
|
05-24-2004, 09:25 AM
|
#3
|
Member
Registered: Mar 2004
Distribution: CentOS 5
Posts: 128
Rep:
|
Which FTP program are you using?
|
|
|
05-04-2012, 04:30 AM
|
#4
|
LQ Newbie
Registered: Sep 2010
Posts: 20
Rep:
|
vsftpd v 2.x
|
|
|
05-04-2012, 04:34 AM
|
#5
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
Please don't drag up dead threads. It is often very confusing for others who think the question is still relevant.
|
|
|
05-04-2012, 04:50 AM
|
#6
|
LQ Newbie
Registered: Feb 2012
Location: Indonesia
Distribution: Slackware, Centos, Debian, RHEL
Posts: 13
Rep:
|
Quote:
Originally Posted by hct224
It works fine if I shut down iptables. How am I going to set up iptables to make my FTP work?
Thanks
|
Hi,
Can you display your iptables rule for your FTP?
|
|
|
05-04-2012, 04:57 AM
|
#7
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
No he can't, he posted that 8 years ago.
|
|
|
05-04-2012, 09:20 AM
|
#8
|
LQ Newbie
Registered: Feb 2012
Location: Indonesia
Distribution: Slackware, Centos, Debian, RHEL
Posts: 13
Rep:
|
Oh.. I did not read the date and time he posted..
Last edited by war49; 05-04-2012 at 09:22 AM.
|
|
|
05-04-2012, 11:13 AM
|
#9
|
LQ Newbie
Registered: Nov 2003
Location: Reston, VA
Distribution: Slackware for everything
Posts: 22
Rep:
|
Quote:
Originally Posted by hct224
I set up an iptables firewall to "trust" port 21 and I am able to ftp to the server. However, when I tried to download and upload files, it showed this message:
227 Entering Passive Mode (192.168.0.5,124,89)
ftp: connect: No route to host
It works fine if I shut down iptables. How am I going to set up iptables to make my FTP work?
Thanks
|
Edit: just like bipul4b said, basically.
Well, you're halfway there, but if you didn't open port 20 you'll never get there. Are you currently forwarding 20 to something else? That would explain the ICMP no route message you receive back.
You may also want to add this to your /etc/hosts.allow:
ftpd : ALL : allow
Differences from HTTP
FTP operates on the application layer of the OSI model, and is used to transfer files using TCP/IP. To do so, an FTP server has to be running and waiting for incoming requests. The client computer is then able to communicate with the server on port 21. This connection, called the control connection, remains open for the duration of the session. A second connection, called the data connection, can either be opened by the server from its port 20 to a negotiated client port (active mode), or by the client from an arbitrary port to a negotiated server port (passive mode) as required to transfer file data. The control connection is used for session administration, for example commands, identification and passwords exchanged between the client and the server using a telnet-like protocol. For example "RETR filename" would transfer the specified file from the server to the client. Due to this two-port structure, FTP is considered an out-of-band protocol, as opposed to an in-band protocol such as HTTP.
Last edited by snowmobile74; 05-04-2012 at 11:15 AM.
|
|
|
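Why a rule for port 21 alone does not carry a passive-mode transfer, as an added example that is not part of any post in this thread: it decodes the 227 reply quoted in post #1 into the address and port the client connects to next, and prints (without applying) an INPUT rule set that admits such data connections. The 50000-50100 range and the function names are assumptions; vsftpd can be pinned to the same range with pasv_min_port and pasv_max_port.

```shell
#!/bin/sh
# Added example, not from the thread. PASV_MIN/PASV_MAX are assumed values.
PASV_MIN=50000
PASV_MAX=50100

# Decode "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" into "ip:port".
# RFC 959: data port = p1*256 + p2. The reply quoted in post #1 shows dots
# inside the address, so both '.' and ',' are accepted as separators.
pasv_endpoint() {
    case $1 in 227\ *\(*\)*) ;; *) return 1 ;; esac
    tuple=${1#*\(}
    tuple=${tuple%%\)*}
    case $tuple in *[!0-9,.]*) return 1 ;; esac    # digits and separators only
    old_ifs=$IFS; IFS=',.'
    set -- $tuple
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in ''|0?*|????*) return 1 ;; esac  # empty, leading zero, too long
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# Succeeds if the decoded data port lies inside the range the firewall opens.
port_allowed() {
    port=${1##*:}
    [ "$port" -ge "$PASV_MIN" ] && [ "$port" -le "$PASV_MAX" ]
}

# Print (do not apply) INPUT rules for a passive-mode FTP server.
ftp_rules() {
    cat <<EOF
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp --dport $PASV_MIN:$PASV_MAX -m conntrack --ctstate NEW -j ACCEPT
EOF
}

reply='227 Entering Passive Mode (192.168.0.5,124,89)'   # from post #1
endpoint=$(pasv_endpoint "$reply") && echo "data connection target: $endpoint"
port_allowed "$endpoint" || echo "port ${endpoint##*:} is outside $PASV_MIN-$PASV_MAX"
ftp_rules
```

An alternative to a fixed range is the kernel's FTP connection-tracking helper (nf_conntrack_ftp), which reads the 227 reply on the control connection and marks the resulting data connection RELATED.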
05-04-2012, 01:43 PM
|
#10
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
OH good grief, read my replies, you're just wasting your time.
|
|
|
All times are GMT -5.