03-20-2012
iptables problem with ftp
I have a pretty stock iptables script. One rule allows active ftp from an outside IP address. To troubleshoot it, I opened up ftp to all connections from the outside.
When a user outside our domain connects via FTP, they are denied. If I flush the rules, the ftp takes place successfully. This seems pretty simple, but I don't know what to try next.
Below are the applicable rules.
# flush all rules
/sbin/iptables -F
# perform stateful inspection of packets (bypasses all filter rules)
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# FTP from the outside
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
# Drop all other incoming, allow outgoing, drop forwards
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
#Save iptables, so reboot will activate all rules
/sbin/service iptables save
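Added example, not the poster's script: the same rules in iptables-restore format, plus the piece stateful FTP filtering depends on, the conntrack FTP helper. Only with the helper are FTP data connections classified RELATED; passive-mode data connections arrive as new inbound TCP sessions on high ports and otherwise fall through to the INPUT DROP policy. FTP_CLIENTS, helper_loaded and the lsmod lines are assumptions or constructed samples, not from the post.

```shell
#!/bin/sh
# Added example, not the original poster's script. It keeps the poster's
# intent (FTP control on 21, stateful INPUT, default DROP) and adds what
# stateful FTP filtering needs: the conntrack FTP helper, so that FTP data
# connections are classified RELATED instead of hitting the INPUT DROP policy.
# FTP_CLIENTS is a placeholder; narrow it to the real outside address.
FTP_CLIENTS="${FTP_CLIENTS:-0.0.0.0/0}"

# Emit the ruleset in iptables-restore format (review it, then load it).
# The raw-table CT rule assigns the helper explicitly; kernels 4.7+ no longer
# do this automatically. On kernels without the CT target, drop the *raw block;
# there, loading the helper module is enough.
ftp_ruleset() {
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${FTP_CLIENTS} -p tcp --dport 21 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Return 0 when lsmod output (passed as one string) shows the FTP helper loaded.
helper_loaded() {
    printf '%s\n' "$1" | grep -Eq '^(nf_conntrack_ftp|ip_conntrack_ftp)[[:space:]]'
}

# Constructed sample lsmod output, for offline demonstration only.
SAMPLE_LSMOD_WITH="nf_conntrack_ftp       20480  0
nf_conntrack          139264  1 nf_conntrack_ftp"
SAMPLE_LSMOD_WITHOUT="nf_conntrack          139264  0"

if [ "${1:-}" = "--apply" ]; then
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
    helper_loaded "$(lsmod)" || { echo "FTP conntrack helper not loaded" >&2; exit 1; }
    ftp_ruleset | iptables-restore
    # Persist the way the poster's script does on Red Hat style systems.
    service iptables save
fi
```

Run with --apply as root to load the helper and install the rules; without arguments it only defines the functions. The OUTPUT rule for source port 20 from the post is not needed because the OUTPUT policy is already ACCEPT.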