
szahmad1 11-28-2009 05:24 PM

Port settings for ftp server on gateway
 
Hi guys! I need to set up ports on a fully configured gateway to allow traffic only on ports 21 and 20 to access an FTP server. Can anyone please help? I actually need the commands. Thanks

centosboy 11-28-2009 05:39 PM

Quote:

Originally Posted by szahmad1 (Post 3772740)
Hi guys! I need to set up ports on a fully configured gateway to allow traffic only on ports 21 and 20 to access an FTP server. Can anyone please help? I actually need the commands. Thanks


I assume this gateway is running iptables, right?

szahmad1 11-28-2009 11:10 PM

iptables on gateway
 
Yes, true! The FTP server is on another machine, and this machine is running iptables/firewall/gateway.

centosboy 11-29-2009 01:31 PM

Quote:

Originally Posted by szahmad1 (Post 3772890)
Yes, true! The FTP server is on another machine, and this machine is running iptables/firewall/gateway.

Got any firewall logs, or can you show the rules? My guess is that no FTP conntrack module is loaded.

szahmad1 11-30-2009 12:13 AM

I don't have enough info on what the firewall log or the rules are, but I am running Fedora 10 on both the server and the gateway. This is one of the requirements:

Q: configure your firewall (using iptables) on the gateway to allow FTP clients (using either Active or Passive mode) through to the FTP server. All other connections should not be allowed.

centosboy 11-30-2009 03:34 AM

Quote:

Originally Posted by szahmad1 (Post 3773980)
I don't have enough info on what the firewall log or the rules are, but I am running Fedora 10 on both the server and the gateway. This is one of the requirements:

Q: configure your firewall (using iptables) on the gateway to allow FTP clients (using either Active or Passive mode) through to the FTP server. All other connections should not be allowed.

OK... you need to read up a bit about FTP connection tracking.

Code:

http://www.linuxchix.org/content/courses/security/connection_tracking

You need to load the FTP connection tracking modules as well as allowing access to the correct ports in the firewall.

For example, I have loaded these modules in

Code:

/etc/sysconfig/iptables-config

to get FTP working properly.


Code:

IPTABLES_MODULES="ip_conntrack_netbios_ns ip_nat_ftp ip_conntrack"

and allowed the source IP to ports 20 and 21.

szahmad1 12-01-2009 11:09 AM

And how do you allow the source IP to the ports 20 and 20? I mean the commands.

centosboy 12-02-2009 04:00 AM

Quote:

Originally Posted by szahmad1 (Post 3775848)
And how do you allow the source IP to the ports 20 and 20? I mean the commands.

Code:

iptables -I INPUT -p tcp -s x.x.x.x  -m multiport --dports 20,21 -j ACCEPT

I have a similar setup on my end, but not allowing port 20.
Port 20 is more of a data connection from server -> client, so the RELATED,ESTABLISHED rule(s) and/or the connection tracking modules should cover this.
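
The gateway setup asked about in this thread, as an added example that is not part of any poster's reply: since the FTP server is a separate machine behind the gateway, the rules are written for the FORWARD chain, and only the control port is opened while the conntrack helper admits the data channels. The function names, the `explicit` switch, the `nf_conntrack_ftp` module name (the current name for the FTP helper) and the 192.0.2.10 / 198.51.100.0/24 addresses are assumptions or constructed values; the script only prints the commands for review.

```shell
#!/bin/sh
# Added example: prints, but does not apply, iptables commands for a gateway
# that forwards only FTP to one server behind it.

is_ipv4() {  # dotted quad, every octet 0-255
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

is_source() {  # address with an optional /0-32 prefix
    case $1 in
        */*) is_ipv4 "${1%/*}" || return 1
             case ${1#*/} in ''|*[!0-9]*) return 1 ;; esac
             [ "${1#*/}" -le 32 ] 2>/dev/null ;;
        *)   is_ipv4 "$1" ;;
    esac
}

# usage: ftp_gateway_rules SERVER_IP [CLIENT_SOURCE] [auto|explicit]
ftp_gateway_rules() {
    srv=$1 src=${2:-0.0.0.0/0} mode=${3:-auto}
    # The output is meant to be run as root, so reject anything that is
    # not a plain address before it lands on a command line.
    is_ipv4 "$srv" && is_source "$src" || { echo "invalid address" >&2; return 1; }
    echo "modprobe nf_conntrack_ftp"   # add the NAT helper too if the gateway NATs
    if [ "$mode" = explicit ]; then
        # Kernels that no longer attach helpers automatically need the
        # helper bound to the control port with the CT target.
        echo "iptables -t raw -A PREROUTING -p tcp -d $srv --dport 21 -j CT --helper ftp"
    fi
    # Packets of flows that were already accepted.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Data channels the helper expects after PORT/PASV on the control
    # channel: server port 20 -> client (active), client -> server (passive).
    echo "iptables -A FORWARD -p tcp -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT"
    # ICMP errors that belong to a tracked flow.
    echo "iptables -A FORWARD -p icmp -m conntrack --ctstate RELATED -j ACCEPT"
    # New control connections to the server only; port 20 is never opened.
    echo "iptables -A FORWARD -p tcp -s $src -d $srv --dport 21 -m conntrack --ctstate NEW -j ACCEPT"
    # Everything else through the gateway is dropped.
    echo "iptables -P FORWARD DROP"
}

ftp_gateway_rules 192.0.2.10 198.51.100.0/24   # constructed sample values
```

The policy line is printed last so that the accept rules are in place before the default changes to DROP.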

szahmad1 12-03-2009 07:25 AM

Thanks for your support, i really appreciate it.

centosboy 12-03-2009 10:53 AM

Quote:

Originally Posted by szahmad1 (Post 3778311)
Thanks for your support, i really appreciate it.

Thank me with a thumbs up :)

szahmad1 12-04-2009 12:05 AM

OK, thanks... thumbs up, lol