iptables ftp denies ls


# 1  
Old 11-06-2011

Hi,

Following is the output of the iptables -S command:

Code:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -s 192.168.0.5/32 -p udp -m udp --dport 22 -j ACCEPT 
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 20 -j ACCEPT 
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 21 -j ACCEPT 
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 21 -j ACCEPT 
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 20 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

I don't understand iptables too well, but what I want is for the anonymous user to be able to run the ls command at the ftp prompt.

The /etc/sysconfig/iptables-config file has the following line, which I guess is required.

Code:
IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"

Still, when I log in over FTP as the anonymous user, I can't do ls.

Following is what I get:
Code:
ftp> ls
550 Permission denied.
Passive mode refused.

How can I resolve this issue?
# 2  
Old 11-06-2011
Are you using ftp or vsftp?
# 3  
Old 11-06-2011
I don't think firewall rules can cause ftp to connect but refuse ls. More likely that's a 'permission denied' on the remote end for trying to read the contents of the remote directory.
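To see concretely what the rule set in post #1 decides for an FTP session, here is a small simulator that walks those INPUT rules against the packets one "ls" generates in active and in passive mode. This is an added example, not code from the thread or from iptables itself: it models only the matches the posted rules use (-s, -p, --dport, --state, -i) and takes each packet's conntrack state as given, so the helper's effect is represented by whether the passive data SYN arrives as NEW or as RELATED. The client addresses and the passive data port are made-up values.

```python
"""Walk the thread's INPUT chain for the packets of one FTP directory listing.

Added example with a deliberately small model of iptables matching; conntrack
is not simulated, each packet carries the state it would have been given.
"""
import ipaddress
import shlex

# Constructed copy of the chain posted in the thread (iptables -S output).
RULESET = """\
-P INPUT ACCEPT
-A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.5/32 -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 20 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""


def parse_rules(text, chain="INPUT"):
    """Return (policy, rules) for one chain from `iptables -S` text."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        elif tok[:2] == ["-A", chain]:
            rule, i = {"raw": line}, 2
            while i < len(tok):
                opt = tok[i]
                if opt == "-s":
                    rule["src"] = ipaddress.ip_network(tok[i + 1])
                elif opt == "-p":
                    rule["proto"] = tok[i + 1]
                elif opt == "--dport":
                    rule["dport"] = int(tok[i + 1])
                elif opt == "--state":
                    rule["states"] = set(tok[i + 1].split(","))
                elif opt == "-i":
                    rule["iface"] = tok[i + 1]
                elif opt == "-j":
                    rule["target"] = tok[i + 1]
                elif opt in ("-m", "--reject-with"):
                    pass  # match-module name / reject type: nothing to match on
                else:
                    raise ValueError("unsupported option %s" % opt)
                i += 2
            rules.append(rule)
    return policy, rules


def verdict(chain, pkt):
    """First-match walk of the chain; returns (target, matching rule text)."""
    policy, rules = chain
    for r in rules:
        if "src" in r and ipaddress.ip_address(pkt["src"]) not in r["src"]:
            continue
        if "proto" in r and r["proto"] != pkt["proto"]:
            continue
        if "dport" in r and r["dport"] != pkt["dport"]:
            continue
        if "states" in r and pkt["state"] not in r["states"]:
            continue
        if "iface" in r and r["iface"] != pkt["iface"]:
            continue
        return r["target"], r["raw"]
    return policy, "chain policy"


def pkt(src, dport, state, proto="tcp", iface="eth0"):
    """An inbound packet as the INPUT chain sees it (iface is an assumption)."""
    return {"src": src, "proto": proto, "dport": dport, "state": state, "iface": iface}


def ftp_listing(chain, client, passive, helper_loaded, data_port=50123):
    """Verdicts for the INPUT-chain packets of one 'ls' in the given mode."""
    control = pkt(client, 21, "NEW")          # client opens the control channel
    if passive:
        # Client connects to the port announced in the server's 227 reply.
        # Only nf_conntrack_ftp can relate that SYN to the control session;
        # without it the SYN is just a NEW connection to a high port.
        data = pkt(client, data_port, "RELATED" if helper_loaded else "NEW")
    else:
        # Server connects from port 20 to the client (OUTPUT chain, policy
        # ACCEPT); the client's replies come back with dport 20, ESTABLISHED.
        data = pkt(client, 20, "ESTABLISHED")
    return {"control": verdict(chain, control)[0], "data": verdict(chain, data)[0]}


if __name__ == "__main__":
    chain = parse_rules(RULESET)
    for client, passive, helper in [("192.168.0.7", True, False), ("192.168.0.7", True, True),
                                    ("192.168.0.7", False, False), ("10.0.0.9", True, True)]:
        mode = "passive" if passive else "active"
        print(client, mode, "helper=%s" % helper, ftp_listing(chain, client, passive, helper))
```

What the walk shows: a LAN client's control connection is accepted by the explicit tcp/21 rule; the active-mode data channel is accepted by the tcp/20 rule (and would be by the ESTABLISHED rule anyway); the passive-mode data SYN lands on the final REJECT unless nf_conntrack_ftp has marked it RELATED, which is exactly what the IPTABLES_MODULES line in post #1 is for. A client outside 192.168.0.0/24 never gets a control connection at all. Note also that a firewall-rejected data connection shows up on the client as a hang or as a 425 reply after the data connection fails, never as a 5xx answer to PASV: the "550 Permission denied." in post #1 is a reply the server chose to send over an intact control channel, which is why the diagnosis in post #3 points at the server rather than at iptables. The udp rules for ports 20, 21 and 22 in the posted chain never match anything, since FTP and SSH use TCP only; they are dead weight rather than a risk.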
# 4  
Old 11-07-2011
Quote:
Originally Posted by Corona688
I don't think firewall rules can cause ftp to connect but refuse ls. More likely that's a 'permission denied' on the remote end for trying to read the contents of the remote directory.
You got it right. I had probably missed giving the appropriate permissions. I followed the steps that I used to configure the server, and it's working fine now.

Thanks for taking an interest.