11-28-2009, 05:24 PM
|
#1
|
LQ Newbie
Registered: Nov 2009
Posts: 14
Rep:
|
Port settings for ftp server on gateway
Hi guys! I need to set up ports on a fully configured gateway to allow traffic only on ports 21 and 20 to access an FTP server. Can anyone please help? I actually need the commands. Thanks.
|
|
|
11-28-2009, 05:39 PM
|
#2
|
Senior Member
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137
Rep:
|
Quote:
Originally Posted by szahmad1
Hi guys! I need to set up ports on a fully configured gateway to allow traffic only on ports 21 and 20 to access an FTP server. Can anyone please help? I actually need the commands. Thanks.
|
I assume this gateway is running iptables, right?
|
|
|
11-28-2009, 11:10 PM
|
#3
|
LQ Newbie
Registered: Nov 2009
Posts: 14
Original Poster
Rep:
|
iptables on gateway
Yes, true! The FTP server is on another machine, and this machine is running iptables/firewall/gateway.
|
|
|
11-29-2009, 01:31 PM
|
#4
|
Senior Member
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137
Rep:
|
Quote:
Originally Posted by szahmad1
Yes, true! The FTP server is on another machine, and this machine is running iptables/firewall/gateway.
|
Got any firewall logs, or can you show the rules? My guess is no FTP conntrack module is loaded.
|
|
|
11-30-2009, 12:13 AM
|
#5
|
LQ Newbie
Registered: Nov 2009
Posts: 14
Original Poster
Rep:
|
I don't have enough info about what the firewall log or the rules are, but I am running Fedora 10 on both server and gateway. This is one of the requirements:
Q: Configure your firewall (using iptables) on the gateway to allow FTP clients (using either Active or Passive mode) through to the FTP server. All other connections should not be allowed.
|
|
|
11-30-2009, 03:34 AM
|
#6
|
Senior Member
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137
Rep:
|
Quote:
Originally Posted by szahmad1
I don't have enough info about what the firewall log or the rules are, but I am running Fedora 10 on both server and gateway. This is one of the requirements:
Q: Configure your firewall (using iptables) on the gateway to allow FTP clients (using either Active or Passive mode) through to the FTP server. All other connections should not be allowed.
|
OK... you need to read up a bit about FTP connection tracking:
Code:
http://www.linuxchix.org/content/courses/security/connection_tracking
You need to load the FTP connection tracking modules as well as allowing access to the correct ports in the firewall.
For example, I have loaded these modules in
Code:
/etc/sysconfig/iptables-config
to get FTP working properly.
Code:
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_nat_ftp ip_conntrack"
and allowed the source IP to ports 20 and 21.
|
|
|
12-01-2009, 11:09 AM
|
#7
|
LQ Newbie
Registered: Nov 2009
Posts: 14
Original Poster
Rep:
|
And how do you allow the source IP to the ports 20 and 20? I mean the commands.
|
|
|
12-02-2009, 04:00 AM
|
#8
|
Senior Member
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137
Rep:
|
Quote:
Originally Posted by szahmad1
And how do you allow the source IP to the ports 20 and 20? I mean the commands.
|
Code:
iptables -I INPUT -p tcp -s x.x.x.x -m multiport --dports 20,21 -j ACCEPT
I have a similar setup on my end, but not allowing port 20.
Port 20 is more of a data connection from server -> client, so the RELATED,ESTABLISHED rule(s) and/or the connection tracking modules should cover this.
Last edited by centosboy; 12-02-2009 at 04:23 AM.
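
As an added example (not part of the original posts), this script prints gateway rules along the lines discussed above: because the FTP server is a separate machine behind the gateway, the rules sit in the FORWARD chain rather than INPUT, and only control port 21 is opened while data connections are left to the FTP conntrack helper. The function names, the sample addresses and the current module name `nf_conntrack_ftp` are assumptions that do not come from the thread.

```sh
#!/bin/sh
# Added example: prints (does not run) gateway rules that forward only FTP
# to one server. Function names and addresses are assumptions for illustration.

# Accept only dotted-quad IPv4 with optional /prefix, so nothing else can
# end up inside the generated command lines.
valid_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

ftp_gateway_rules() {
    server_ip=$1                 # FTP server behind the gateway
    client_net=${2:-0.0.0.0/0}   # allowed clients (default: any source)
    if ! valid_ipv4 "$server_ip" || ! valid_ipv4 "$client_net"; then
        echo "usage: ftp_gateway_rules SERVER_IP [CLIENT_NET]" >&2
        return 1
    fi
    cat <<EOF
# FTP connection tracking helper (add nf_nat_ftp if the gateway also NATs)
modprobe nf_conntrack_ftp
# Newer kernels do not auto-assign helpers: attach it to the control channel
iptables -t raw -A PREROUTING -p tcp -d $server_ip --dport 21 -j CT --helper ftp
# Forwarded traffic is dropped unless a rule below accepts it
iptables -P FORWARD DROP
iptables -F FORWARD
# Data connections (active and passive) arrive as RELATED via the helper
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only new connections to the control port are accepted
iptables -A FORWARD -p tcp -s $client_net -d $server_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Constructed sample: server 192.0.2.10, clients in 198.51.100.0/24
ftp_gateway_rules 192.0.2.10 198.51.100.0/24
```

Review the printed commands, then pipe them to `sh` as root on the gateway. The gateway's own INPUT and OUTPUT chains are left untouched.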
|
|
|
12-03-2009, 07:25 AM
|
#9
|
LQ Newbie
Registered: Nov 2009
Posts: 14
Original Poster
Rep:
|
Thanks for your support, I really appreciate it.
|
|
|
12-03-2009, 10:53 AM
|
#10
|
Senior Member
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137
Rep:
|
Quote:
Originally Posted by szahmad1
Thanks for your support, I really appreciate it.
|
Thank me with a thumbs up.
|
|
0 members found this post helpful.
|
12-04-2009, 12:05 AM
|
#11
|
LQ Newbie
Registered: Nov 2009
Posts: 14
Original Poster
Rep:
|
OK, thanks... thumbs up, lol
|
|
|