LinuxQuestions.org
Old 04-16-2007, 11:38 PM   #1
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Rep: Reputation: 30
IPTables :: Allowing passive FTP


Hi guys,

I realise that with iptables on, I can't connect via passive FTP.
While it's no issue to connect with active FTP, FileZilla defaults to passive FTP and I was hoping to allow it so as not to leave my end-users with too many question marks.

How should I go about it? I tried a few methods online but couldn't get them to work.

I am using either RHEL or CentOS.

Thanks!
 
Old 04-17-2007, 04:37 AM   #2
sin
LQ Newbie
 
Registered: Jun 2005
Location: UK
Distribution: Slackware
Posts: 28

Rep: Reputation: 15
Sounds like you need to investigate

ip_conntrack_ftp

and

ip_conntrack
 
Old 04-17-2007, 06:37 PM   #3
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Sin is right, you need to load the 2 modules for passive FTP. Once you load the modules you can write a rule for port 21, and then ip_conntrack_ftp and ip_conntrack will take care of port 20 (data) automatically for you.
 
Old 04-18-2007, 04:54 AM   #4
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Original Poster
Rep: Reputation: 30
OK, got it. Thanks for the tip!

Basically I run "/sbin/modprobe ip_conntrack_ftp" in rc.local.

It works now.
 
Old 04-19-2007, 10:26 PM   #5
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by Swakoo
OK, got it. Thanks for the tip!

Basically I run "/sbin/modprobe ip_conntrack_ftp" in rc.local.

It works now.
Good to hear it's working.
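
The setup this thread arrives at, as an added example that is not from any poster here: the helper module is checked first, then a ruleset opens only port 21 and relies on the RELATED state, which is how the helper's tracked data connections get through. The function names, the default-drop policy and the sample module listing are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and sample data are constructed.

# Return 0 if an FTP conntrack helper is listed in a /proc/modules-style file.
# ip_conntrack_ftp is the name used in the thread; nf_conntrack_ftp is the
# name the same helper carries on later kernels.
ftp_helper_loaded() {
    modules_file="${1:-/proc/modules}"
    # Anchor on the first field so a module that merely lists the helper
    # name elsewhere on its line does not count as a match.
    grep -Eq '^(ip|nf)_conntrack_ftp[[:space:]]' "$modules_file"
}

# Print a minimal filter table in iptables-restore format.
# Only the control port is opened explicitly; the data connection is
# accepted because the helper marks it RELATED to the control session.
ftp_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Emit the ruleset only when the helper is present; without it the
# RELATED rule never matches the data connection and passive FTP hangs.
emit_if_ready() {
    if ftp_helper_loaded "$1"; then
        ftp_ruleset
    else
        echo "FTP conntrack helper not loaded: run modprobe first" >&2
        return 1
    fi
}

# Constructed sample of /proc/modules content with the helper loaded.
SAMPLE_MODULES=$(mktemp)
printf '%s\n' \
    'ip_conntrack_ftp 11569 0 - Live 0xf8a3c000' \
    'ip_conntrack 53025 2 ip_conntrack_ftp,ipt_state, Live 0xf8a21000' \
    > "$SAMPLE_MODULES"
emit_if_ready "$SAMPLE_MODULES"
```

On a real host, `emit_if_ready /proc/modules | iptables-restore` would apply it as root; note that iptables-restore replaces the existing filter table rather than appending to it.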
 
  

