Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: iptables problem with ftp
Special Forums IP Networking iptables problem with ftp Post 302609967 by bricoleur on Tuesday 20th of March 2012 04:16:23 PM
Old 03-20-2012
iptables problem with ftp
I have a pretty stock iptables script. One rule allows active ftp from an outside IP address. To troubleshoot it, I opened up ftp to all connections from the outside.
When a user outside our domain connects via FTP, they are denied. If I flush the rules, the ftp takes place successfully. This seems pretty simple, but I don't know what to try next.

Below are the applicable rules.

# flush all rules
/sbin/iptables -F

# perform stateful inspection of packets (bypasses all fitler rules)
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# FTP from the outside
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT

# Drop all other incoming, allow outgoing, drop forwards
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT

#Save iptables, so reboot will activate all rules
/sbin/service iptables save
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

iptables, ftp

I have allready opened a thread about this, but my question was really weird formed, so I'm writting it here again: I have a Network with 4 FTP Servers, then a firewall, and then a Network with clients. The clients should have access to the FTP Servers, but it should not be possible to connect... (2 Replies)
Discussion started by: sTorm
2 Replies

2. Cybersecurity

iptables: block/allow ftp

I have 2 LAN's, seperated by a firewall, running iptables on it. I want only allow ftp access from one to the other LAN. Server 1 in LAN 1 should have ftp access to Server 2 in LAN 2 Server 2 in LAN 2 should not have ftp access to Server 1 in LAN 1. Can someone tell me how to set up the... (5 Replies)
Discussion started by: sTorm
5 Replies

3. IP Networking

Ftp'ing thru a Iptables NAT Masquerade

Greetings to all. My new firewall is giving me one hell of a problem. I'm running iptables and masquerading my intranet thru NAT. But here is the problem. Whenever I try to FTP to a server outside of my lan I get a 500 illegal port error. I've come to the conclusion that NAT is... (2 Replies)
Discussion started by: phrater
2 Replies

4. IP Networking

ftp problem

Hi All, i am newbie to the unix and i found the posts for automate ftp ,but i didnt get how we can achieve ,selecting the path during runtime for automate ftp.basically i want to ftp the files to workstation(directory should be given during runtime). i have tried the codes from the post,but i... (1 Reply)
Discussion started by: cskumar
1 Replies

5. Shell Programming and Scripting

Block incoming traffic FTP from internet using iptables

Hi everybody. I have the next scenary: eth0: WAN eth1: DMZ eth2: LAN I need to block all incoming trafic from the internet through my network LAN using iptables. I have squid but i need to do this using ipatbles. I have been listening about iptables -A FORDAWARD but I am stuck right... (0 Replies)
Discussion started by: edeamat
0 Replies

6. Shell Programming and Scripting

ftp problem

Hello, I have a very simple script that put a file in server ftp #!/bin/bash var="ITW-trail-templiers-samedi" cd /Users/$USER/Desktop ftp -n >&1 << EOF open server quote user "user" cd oberon binary put "$var" bye EOF I have error : 200 Type set to IMAGE. remote:... (2 Replies)
Discussion started by: protocomm
2 Replies

7. Shell Programming and Scripting

problem with ftp

hi there here is my problem i have a shell that copy files from unix to a shared linux samba (with rcp) i will change my linux machine with a windows one and saw rcp didnt work anymore ... so i tried ftp and saw it worked with these following commands ftp -niv <<fin open 192.9.200.105 user... (3 Replies)
Discussion started by: bzh35
3 Replies

8. UNIX for Dummies Questions & Answers

iptables-ftp

I have set up a firewall on my centOS 5.6 box. I copied it from info I found online related to web servers. Everything seems to work fine but my ftp from my LAN. I am not able to ftp into the directories at all. I have the box set up as a test web server. Here is my iptable: I have opened ports... (7 Replies)
Discussion started by: ktb231
7 Replies

9. Red Hat

iptables ftp denies ls

Hi, Following is the output of iptables -S command -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -s 192.168.0.5/32 -p udp -m udp --dport 22 -j ACCEPT -A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 20 -j... (3 Replies)
Discussion started by: shahdharmit
3 Replies

10. IP Networking

vsftp | active and passive ftp | iptables

I am using vsftp but I can't login with passive mode. I can only login with active mode. I can login with both mode when service of iptables is stop. In active mode : 20,21 must be open from server site. 1023 and over must be open at client site. In passive mode : only 21,1023 and over must be... (1 Reply)
Discussion started by: getrue
1 Replies

LEARN ABOUT DEBIAN

ip6tables-apply

iptables-apply(8)					      System Manager's Manual						 iptables-apply(8)

NAME

       iptables-apply - a safer way to update iptables remotely

SYNOPSIS

       iptables-apply [-hV] [-t timeout] ruleset-file

DESCRIPTION

       iptables-apply  will  try  to  apply  a new ruleset (as output by iptables-save/read by iptables-restore) to iptables, then prompt the user
       whether the changes are okay. If the new ruleset cut the existing connection, the user will not be able to answer  affirmatively.  In  this
       case, the script rolls back to the previous ruleset after the timeout expired. The timeout can be set with -t.

       When called as ip6tables-apply, the script will use ip6tables-save/-restore instead.

OPTIONS

       -t seconds, --timeout seconds
	      Sets the timeout after which the script will roll back to the previous ruleset.

       -h, --help
	      Display usage information.

       -V, --version
	      Display version information.

SEE ALSO

       iptables-restore(8), iptables-save(8), iptables(8).

LEGALESE

       iptables-apply is copyright by Martin F. Krafft.

       This manual page was written by Martin F. Krafft <madduck@madduck.net>

       Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2.0.

								    2006-06-04							 iptables-apply(8)
All times are GMT -4. The time now is 01:11 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy