Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 02-09-2003, 02:23 AM   #1
LQ Newbie
Registered: Feb 2003
Location: Canada
Distribution: Debian
Posts: 24

Rep: Reputation: 15
FTP server w/ IPTables


I am a newbie and am having a problem setting up a FTP server on RH 7.3 with IPTables as my firewall.

I'm just trying to do something very simple initially as a test. I know my FTP server works perfectly when I set the default policy for the INPUT chain to be "ACCEPT". But obviously this is bad security, so then I changed the default policy for INPUT to "DROP", and then added rules for the FTP ports. I added lines like

$iptables -a input -i $extif -p tcp --dport 21 -j accept #for control
$iptables -a input -i $extif -p tcp --dport 20 -j accept #for data

But then nothing worked, my FTP client just stops at the "Connected to port 21" line, and I get no login prompts, nothing.

The interesting thing is that I added in the same rule for port 22 for my SSH server, and my SSH still works perfectly (though login became very slow).

I know it's the firewall that's causing the problem, but I don't know what else to try. I have no idea how to fix it!

Any help would be great, thanks!
Old 02-09-2003, 03:15 AM   #2
Senior Member
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
You need to let the traffic of your passive FTP through also. And btw, you don't need FTP-DATA (port 20) to let through like that, the connection to FTP-DATA won't be new, etc.

Read up on stateful firewalls and connection tracking if you need more help!
Old 02-09-2003, 02:49 PM   #3
LQ Newbie
Registered: Feb 2003
Location: Canada
Distribution: Debian
Posts: 24

Original Poster
Rep: Reputation: 15
Thanks for the info

But I thought that for the simplest case of "active" FTP, that I would just need to open ports 20 and 21. I just want to test that and play around with more secure settings and passive mode later.

But so far haven't gotten it working with just ports 20 and 21. I don't know if it's there's something else I have to set or what. So far things only work if I accept everything on the INPUT chain.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
FTP server stuck in passive with iptables running. TheRealDeal Linux - Security 5 02-24-2005 04:57 PM
FTP server (Windows) behind NAT (IPtables) SWAT Linux - Newbie 10 01-08-2004 12:54 PM
Allowing access to FTP server on LAN using IPTABLES - Help please sergio3986 Linux - Security 2 12-18-2003 12:22 PM
ftp and ftp port forwarding with IPtables?? FunkFlex Linux - Security 3 04-24-2002 03:03 AM
iptables router with ftp server bbenz3 Linux - Networking 6 02-26-2002 11:45 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:17 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration