Port settings for ftp server on gateway

szahmad1 · 11-28-2009, 05:24 PM

Hi Guys ! I need to setup up ports on a fully configured gateway to allow traffic only on port 21 and 20 to access an ftp server.can plz anyone help,i actually need the commands.Thanks

centosboy · 11-28-2009, 05:39 PM

Quote:

Originally Posted by szahmad1

Hi Guys ! I need to setup up ports on a fully configured gateway to allow traffic only on port 21 and 20 to access an ftp server.can plz anyone help,i actually need the commands.Thanks

i assume this gateway is running iptables right?

szahmad1 · 11-28-2009, 11:10 PM

yes true ! The ftp server is on another machine and this machine is running iptables/firewall/gateway

centosboy · 11-29-2009, 01:31 PM

Quote:

Originally Posted by szahmad1

yes true ! The ftp server is on another machine and this machine is running iptables/fiewall/gateway

Got any firewall logs or can you show rules? My guess is no ftp conn track module loaded

szahmad1 · 11-30-2009, 12:13 AM

i dont have enough info what the firewall log or the rules are,but i am running fedora 10 on both server and gateway.This is one of the requirements

Q: configure your firewall (using iptables) on the gateway to allow FTP clients (using either Active or Passive mode) through to the FTP server. All other connections should not be allowed.

centosboy · 11-30-2009, 03:34 AM

Quote:

Originally Posted by szahmad1

i dont have enough info what the firewall log or the rules are,but i am running fedora 10 on both server and gateway.This is one of the requirements

Q: configure your firewall (using iptables) on the gateway to allow FTP clients (using either Active or Passive mode) through to the FTP server. All other connections should not be allowed.

Ok...you need to read up a bit about ftp connection tracking

Code:

http://www.linuxchix.org/content/courses/security/connection_tracking

you need to load the ftp connection track modules as well as allowing the access to the correct ports in the firewall.

for example, i have loaded these modules in

Code:

/etc/sysconfig/iptables-config

to get ftp working properly.

Code:

IPTABLES_MODULES="ip_conntrack_netbios_ns ip_nat_ftp ip_conntrack"

and allowed the source ip to the ports 20 and 21

szahmad1 · 12-01-2009, 11:09 AM

And How do you allow the source ip to the ports 20 and 20, i mean the commands

centosboy · 12-02-2009, 04:00 AM

Quote:

Originally Posted by szahmad1

And How do you allow the source ip to the ports 20 and 20, i mean the commands

Code:

iptables -I INPUT -p tcp -s x.x.x.x  -m multiport --dports 20,21 -j ACCEPT

I have a similar set up on my end but not allowing port 20.
the port 20 is more of a data connection from server -> client, so the RELATED,ESTABLISHED rule(s) and or the connection tracking modules should cover this.

szahmad1 · 12-03-2009, 07:25 AM

Thanks for your support, i really appreciate it.

centosboy · 12-03-2009, 10:53 AM

Quote:

Originally Posted by szahmad1

Thanks for your support, i really appreciate it.

thank me with a thumbs up

szahmad1 · 12-04-2009, 12:05 AM

ok thanks ..........thumbs up,,,,lol