vsftp | active and passive ftp | iptables

Post 302579101 by getrue on Sunday 4th of December 2011 05:14:35 PM

I am using vsftp but I can't log in with passive mode. I can only log in with active mode. I can log in with both modes when the iptables service is stopped.

In active mode: 20 and 21 must be open at the server site. 1023 and over must be open at the client site.
In passive mode: only 21 and 1023 and over must be open at the server site.

Which rule must I add to the iptables list for passive FTP mode?

Code:
# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
#
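
Added example (not part of the original post): a small Python model of first-match evaluation over the RH-Firewall-1-INPUT chain quoted above, showing why the control connection on port 21 is accepted while a passive data connection is rejected. The passive range 50000:50100, the interface eth0 and the address 192.0.2.10 are constructed assumptions; the range would have to match `pasv_min_port` and `pasv_max_port` in vsftpd.conf.

```python
# Added example: first-match evaluation of the RH-Firewall-1-INPUT chain from the post.
RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# Assumed passive range; it must match pasv_min_port/pasv_max_port in vsftpd.conf.
PASV_RULE = "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 50000:50100 -j ACCEPT"

def parse(text):
    # Every option in this ruleset takes exactly one argument, so pair tokens up.
    return [dict(zip(t[::2], t[1::2])) for t in (l.split() for l in text.splitlines()) if t]

def port_in(spec, port):
    lo, _, hi = spec.partition(":")          # iptables range syntax "lo:hi"
    return int(lo) <= port <= int(hi or lo)

def verdict(rules, pkt):
    """Target of the first matching rule for a TCP packet arriving on eth0."""
    for r in rules:
        if r.get("-i", pkt["iface"]) != pkt["iface"]: continue
        if r.get("-p", pkt["proto"]) != pkt["proto"]: continue
        if "-d" in r and r["-d"] != pkt["dst"]: continue
        if "--dport" in r and not port_in(r["--dport"], pkt["dport"]): continue
        if "--state" in r and pkt["state"] not in r["--state"].split(","): continue
        return r["-j"]
    return "ACCEPT"                          # fall through to the INPUT policy

def packet(dport, state):
    return {"iface": "eth0", "proto": "tcp", "dst": "192.0.2.10", "dport": dport, "state": state}

def with_pasv_range(rules):
    # Insert the range rule ahead of the final REJECT; appended after it, it never matches.
    return rules[:-1] + parse(PASV_RULE) + rules[-1:]

if __name__ == "__main__":
    rules = parse(RULES)
    print("control 21 NEW      ->", verdict(rules, packet(21, "NEW")))
    print("data 50050 NEW      ->", verdict(rules, packet(50050, "NEW")))
    print("data 50050 RELATED  ->", verdict(rules, packet(50050, "RELATED")))
    print("data 50050 NEW + range rule ->", verdict(with_pasv_range(rules), packet(50050, "NEW")))
```

The RELATED case is the state the kernel's FTP connection-tracking helper (`ip_conntrack_ftp` on older kernels, `nf_conntrack_ftp` on newer ones) assigns to the data connection once the module is loaded, so the existing ESTABLISHED,RELATED rule admits it without opening a port range. Active mode already works with this ruleset because the server initiates the data connection and OUTPUT is ACCEPT.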

 

transfer::connect(n)          Data transfer facilities          transfer::connect(n)

NAME
       transfer::connect - Connection setup

SYNOPSIS
       package require Tcl 8.4
       package require snit ?1.0?
       package require transfer::connect ?0.1?

       transfer::connect object ?options...?
       object destroy
       object connect command

DESCRIPTION
       This package provides objects holding enough information to enable them to either connect to a counterpart, or to be connected to by said counterpart. I.e. any object created by this package is always in one of two complementary modes, called active (the object initiates the connection) and passive (the object receives the connection).

       Of the two objects in a connecting pair one has to be configured for active mode, and the other then has to be configured for passive mode. This establishes which of the two partners connects to whom (the active to the other), or, who is waiting on whom (the passive on the other). Note that this is completely independent of the direction of any data transmission using the connection after it has been established. An active node can, after establishing the connection, either transmit or receive data. Equivalently the passive node can do the same after the waiting for its partner has ended.

API
       transfer::connect object ?options...?
              This command creates and configures a new connection object. The fully qualified name of the object command is returned as the result of the command. The recognized options are listed below.

              -mode mode
                     This option specifies the mode the object is in. It is optional and defaults to active mode. The two possible modes are:

                     active
                            In this mode the two options -host and -port are relevant and specify the host and TCP port the object has to connect to. The host is given by either name or IP address.

                     passive
                            In this mode the option -host has no relevance and is ignored should it be configured. The only option the object needs is -port, and it specifies the TCP port on which the listening socket is opened to await the connection from the partner.

              -host hostname-or-ipaddr
                     This option specifies the host to connect to in active mode, either by name or IP address. An object configured for passive mode ignores this option.

              -port int
                     For active mode this option specifies the port the object is expected to connect to. For passive mode however it is the port where the object creates the listening socket waiting for a connection. It defaults to 0, which allows the OS to choose the actual port to listen on.

              -encoding encodingname
              -eofchar eofspec
              -translation transspec
                     These options are the same as are recognized by the builtin command fconfigure. They provide the configuration to be set for the channel between the two partners after it has been established, but before the callback is invoked (See method connect).

       object destroy
              This method destroys the object. This is safe to do for an active object when a connection has been started, as the completion callback is synchronous. For a passive object currently waiting for its partner to establish the connection however this is not safe and will cause errors later on, when the connection setup completes and tries to access the now missing data structures of the destroyed object.

       object connect command
              This method starts the connection setup per the configuration of the object. When the connection is established the callback command will be invoked with one additional argument, the channel handle of the socket over which data can be transferred.

              The detailed behaviour of the method depends on the configured mode.

              For an active object the connection setup is done synchronously. I.e. the object will wait until the connection is established. In that mode the method returns the empty string as its result.

              A passive object however operates asynchronously. The method will return immediately after a listener has been set up and the connection will be established in the background. In that mode the method returns the port number of the listening socket, for use by the caller, like transferring this information to the counterpart so that it may know where to connect to. This is necessary as the object might have been configured for port 0, allowing the OS to choose the actual port it will listen on.

              The listening port is closed immediately when the connection was established by the partner, to keep the time interval small within which a third party can connect to the port too. Even so it is recommended to use additional measures in the protocol outside of the connect and transfer object to ensure that a connection is not used with an unidentified/unauthorized partner.

BUGS, IDEAS, FEEDBACK
       This document, and the package it describes, will undoubtedly contain bugs and other problems. Please report such in the category transfer of the Tcllib SF Trackers [http://sourceforge.net/tracker/?group_id=12883]. Please also report any ideas for enhancements you may have for either package and/or documentation.

KEYWORDS
       active, channel, connection, passive, transfer

COPYRIGHT
       Copyright (c) 2006 Andreas Kupries <andreas_kupries@users.sourceforge.net>

transfer                                0.1                     transfer::connect(n)