LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-10-2017, 03:55 AM   #1
qrange
Senior Member
 
Registered: Jul 2006
Location: Belgrade, Yugoslavia
Distribution: Debian stable/testing, amd64
Posts: 1,043

Rep: Reputation: 47
Firewall Builder - active FTP


Hi,

is there a way to make a rule in 'FirewallBuilder v5.1' so that it uses 'stateful' mode, and allows active FTP for client?

thanks.
 
Old 08-10-2017, 05:30 AM   #2
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009
For active mode you must configure the ftp client to use a limited range of ports for listening. Then, you have to open those ports in the firewall. For stateful filtering, you allow the states RELATED,ESTABLISHED.
 
1 members found this post helpful.
Old 08-10-2017, 06:11 AM   #3
qrange
Senior Member
 
Registered: Jul 2006
Location: Belgrade, Yugoslavia
Distribution: Debian stable/testing, amd64
Posts: 1,043

Original Poster
Rep: Reputation: 47
Quote:
Originally Posted by AwesomeMachine View Post
For active mode you must configure the ftp client to use a limited range of ports for listening. Then, you have to open those ports in the firewall. For stateful filtering, you allow the states RELATED,ESTABLISHED.
thanks, how do I configure builtin command line ftp client to listen to, say, port 3333 only? what about lftp?
 
Old 08-11-2017, 09:27 AM   #4
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009
I guess the Linux ftp client can't be configured that way. You'll need to allow high ports:
Code:
iptables -A INPUT -p tcp -m multiport --dports 1024:65535 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Managing A Single Firewall Policy For Multiple Servers Using Firewall Builder LXer Syndicated Linux News 0 12-06-2010 10:20 AM
LXer: Using Firewall Object In Firewall Builder LXer Syndicated Linux News 0 05-27-2009 09:40 AM
Configure Active FTP in Firewall through iptables atpchn Linux - Newbie 6 05-11-2009 07:59 AM
Help needed with IPCop Firewall and active FTP Damchi Linux - Newbie 5 11-17-2005 11:08 AM
Firewall Builder sample firewall policy file ? (.xml) nuwanguy Linux - Networking 0 09-13-2003 12:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration