Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: iptables-ftp
Top Forums UNIX for Dummies Questions & Answers iptables-ftp Post 302555259 by DGPickett on Wednesday 14th of September 2011 09:33:14 AM
Old 09-14-2011
Well, there is a facility called chroot, or ftp server settings, that can make their home dir the root of their view. The latter protection sometimes fails when the user adds a symlink like: ~/root to /

You could give them the same facilities in a web tool, and not mess with nasty old ftp. I just uploaded my resume on comcast home with a nice web 2.0 tool they provide. FTP is very old and a challenge to firewalls and NAT with IP addresses in the message flow and multiple connections in both directions.

BTW, sftp and scp are just ssh in a compatible wrapper. They run on different servers, are secure, do not use multiple connection, connections in both directions or IP addresses inside message flow. They are secure and usually offer compression. I like scp, one line not reams of scripted steps. Their forerunners rlogin/rsh/rcp had security and design problems, and so fell into disrepute, but have no encryption overhead.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

iptables, ftp

I have allready opened a thread about this, but my question was really weird formed, so I'm writting it here again: I have a Network with 4 FTP Servers, then a firewall, and then a Network with clients. The clients should have access to the FTP Servers, but it should not be possible to connect... (2 Replies)
Discussion started by: sTorm
2 Replies

2. Cybersecurity

iptables: block/allow ftp

I have 2 LAN's, seperated by a firewall, running iptables on it. I want only allow ftp access from one to the other LAN. Server 1 in LAN 1 should have ftp access to Server 2 in LAN 2 Server 2 in LAN 2 should not have ftp access to Server 1 in LAN 1. Can someone tell me how to set up the... (5 Replies)
Discussion started by: sTorm
5 Replies

3. IP Networking

Ftp'ing thru a Iptables NAT Masquerade

Greetings to all. My new firewall is giving me one hell of a problem. I'm running iptables and masquerading my intranet thru NAT. But here is the problem. Whenever I try to FTP to a server outside of my lan I get a 500 illegal port error. I've come to the conclusion that NAT is... (2 Replies)
Discussion started by: phrater
2 Replies

4. UNIX for Advanced & Expert Users

Using FTP to check whether file is completely FTP... plz find the description below

Hi, We have some clients who will place huge files in to one of the remote server. And the shell script written in our local server to retrieve client files (using FTP) placed on one of the remote server of ours by clients. My question Is there any FTP command/script to check from my local... (1 Reply)
Discussion started by: nmsrao
1 Replies

5. Shell Programming and Scripting

Automated FTP script using .netrc to multiple FTP servers

Hi all, I'm using the following script to automated ftp files to 1 ftp servers host=192.168.0.1 /usr/bin/ftp -vi >> $bkplog 2>&1 <<ftp open $host bin cd ${directory} put $files quit ftp and the .netrc file contain machine 192.168.0.1 login abc... (4 Replies)
Discussion started by: varu0612
4 Replies

6. Shell Programming and Scripting

Block incoming traffic FTP from internet using iptables

Hi everybody. I have the next scenary: eth0: WAN eth1: DMZ eth2: LAN I need to block all incoming trafic from the internet through my network LAN using iptables. I have squid but i need to do this using ipatbles. I have been listening about iptables -A FORDAWARD but I am stuck right... (0 Replies)
Discussion started by: edeamat
0 Replies

7. Red Hat

iptables ftp denies ls

Hi, Following is the output of iptables -S command -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -s 192.168.0.5/32 -p udp -m udp --dport 22 -j ACCEPT -A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 20 -j... (3 Replies)
Discussion started by: shahdharmit
3 Replies

8. HP-UX

[Solved] Unable to rename file in ftp server .Net:FTP perl

Hello All, I am trying to connect to ftp server and get the files. Also i need to rename the file in other ftp dir. rename method is not allowing me to rename the file in other dir. When i tried copy command by using net::FTP:FILE then perl says it is not installed. Can some body help me to... (2 Replies)
Discussion started by: krsnadasa
2 Replies

9. IP Networking

vsftp | active and passive ftp | iptables

I am using vsftp but I can't login with passive mode. I can only login with active mode. I can login with both mode when service of iptables is stop. In active mode : 20,21 must be open from server site. 1023 and over must be open at client site. In passive mode : only 21,1023 and over must be... (1 Reply)
Discussion started by: getrue
1 Replies

10. IP Networking

iptables problem with ftp

I have a pretty stock iptables script. One rule allows active ftp from an outside IP address. To troubleshoot it, I opened up ftp to all connections from the outside. When a user outside our domain connects via FTP, they are denied. If I flush the rules, the ftp takes place successfully. This... (2 Replies)
Discussion started by: bricoleur
2 Replies

LEARN ABOUT HPUX

dput.cf

dput.cf(5)							File Formats Manual							dput.cf(5)

NAME

       dput.cf - Debian package upload tool configuration file

DESCRIPTION

       This manpage gives a brief overview of dput's configuration file and the available options in it.  dput is a tool to upload Debian packages
       to the archive.

FORMAT

       dput.cf consists of different groups of configuration options, one for each host where you want to be able to upload  packages.	Hosts  are
       defined	using  an  identifier header with a short name for the host, enclosed in square brackets.  Note that only if multiple such headers
       are encountered in the configuration, only the group following the last header is considered. This is done to avoid confusion when overrid-
       ing  a global configuration file with a user-specific one.  There's a special identifier, [DEFAULT], which holds default parameters for all
       the hosts. The defaults can be overridden by redefining them again in each host section. The available parameters are listed below:

       fqdn   This is the fully qualified domain name that will be used (can be specified as host:port for HTTP, HTTPS and FTP).

       login  Your login on the machine named before. A single asterisk * will cause the scp and rsync uploaders to not use supply  a  login  name
	      when calling to ssh, scp, and rsync.

       incoming
	      The directory that you should upload the files to.

       method The method that you want to use for uploading the files.	Currently, dput accepts the following values for method:

	      ftp    the  package  will  be  uploaded  via  ftp, either anonymously or using a login/password. Note that ftp is unencrypted so you
		     should not use password authentication with this.

	      http and https
		     the package will be uploaded via http or https using the PUT method as specified in WebDAV. The upload method will prompt for
		     a password if necessary.

	      scp    the  package  will  be  uploaded using ssh's scp. This transfers files using a secure ssh tunnel, and needs an account on the
		     upload machine.

	      rsync  the package will be uploaded using rsync over ssh. This is similar to scp, but can save some  bandwidth  if  the  destination
		     file already exists on the upload server. It also needs a login on the remote machine as it uses ssh.

	      local  the package will be "uploaded" locally using /usr/bin/install.  This transfers files to a local incoming directory, and needs
		     appropriate permissions set on that directory.

       hash   The hash algorithm that should be used in calculating the checksum of the files before uploading them. Currently, dput  accepts  the
	      following values for hash:

	      md5    use the md5 algorithm for calculation

	      sha    use the sha algorithm for calculation

       allow_unsigned_uploads
	      This defines if you are allowed to upload files without a GnuPG signature to this host or not.

       allow_dcut
	      This defines if you are allowed to upload a dcut changes file to the queue to remove or move files.

       distributions
	      This defines a comma-separated list of distributions that this host accepts, used to guess the host to use when none is given on the
	      command line.

       allowed_distributions
	      A regular expression (of Python re module syntax) that the distribution field must match or dput will refuse the upload.

       delayed
	      Set a numeric default parameter for delayed uploads (i.e. uploads to this queue will  be	delayed  the  specified  number  of  days.
	      Defaults to the empty string, meaning no delay. This only works with upload queues that support delayed uploads.

       run_lintian
	      This  option  defines  if lintian should be run before the package will be uploaded or not. If the package is not lintian clean, the
	      upload will not happen.

       run_dinstall
	      This options defines if dinstall -n should be run after the package has been uploaded or not. This is an easy way to  test  if  your
	      package would be installed into the archive or not.

       check_version
	      This  option  defines if dput should check if the user has installed the package in his system for testing it before putting it into
	      the archive. If the user has not installed and tested it, dput will reject the upload.

       passive_ftp
	      This option defines if dput should use passive ftp or active ftp for uploading a package to one of the upload  queues.  By  default,
	      dput uses passive ftp connections. If you need to use active ftp connections, set passive_ftp to 0.

       progress_indicator
	      This integer option defines if dput should display a progress indicator for the upload. (Currently implemented in ftp only.)
	      Supported values: 0 (default) - no progress, 1 - rotating progress indicator, and 2 - kilobyte counter.

       scp_compress
	      This option defines if the scp upload to the host will be compressed, or not.  This option is only used for the 'scp' upload method,
	      and has been found to decrease upload time for slow links, and increase upload times for faster links.

       ssh_config_options
	      The arguments of this config options should be ssh config file options in the style documented in ssh_config(5). They will be passed
	      to  all  automatic  invocations of ssh and scp by dput. Note that you can define multiline (dput) configuration options by indenting
	      the second line with whitespace (i.e. similar to RFC822 header continuations).

       post_upload_command
	      This option defines a command to be run by dput after a successful upload.

       pre_upload_command
	      This option defines a command to be run by dput before a upload happens.

       default_host_main
	      This defines the default host for packages that are allowed to be uploaded to the main archive. This variable is used when  guessing
	      the host to upload to.

BUGS

       Please send bug reports to the author.

FILES

       /etc/dput.cf
	      global dput configuration file

       ~/.dput.cf
	      peruser dput configuration file

AUTHOR

       Christian Kurz. Updated by Thomas Viehmann <tv@beamnet.de>.

       Many other people have contributed to this code. See the Thanks file.

SEE ALSO

       dput(1)
       /usr/share/doc/dput

COMMENTS

       The author appreciates comments and suggestions from you, if any.

								   April 8, 2001							dput.cf(5)
All times are GMT -4. The time now is 05:44 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy