03-20-2012
iptables problem with ftp
I have a pretty stock iptables script. One rule allows active ftp from an outside IP address. To troubleshoot it, I opened up ftp to all connections from the outside.
When a user outside our domain connects via FTP, they are denied. If I flush the rules, the ftp takes place successfully. This seems pretty simple, but I don't know what to try next.
Below are the applicable rules.
# flush all rules
/sbin/iptables -F
# perform stateful inspection of packets (bypasses all fitler rules)
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# FTP from the outside
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
# Drop all other incoming, allow outgoing, drop forwards
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
#Save iptables, so reboot will activate all rules
/sbin/service iptables save
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I have allready opened a thread about this, but my question was really weird formed, so I'm writting it here again:
I have a Network with 4 FTP Servers, then a firewall, and then a Network with clients. The clients should have access to the FTP Servers, but it should not be possible to connect... (2 Replies)
Discussion started by: sTorm
2 Replies
2. Cybersecurity
I have 2 LAN's, seperated by a firewall, running iptables on it.
I want only allow ftp access from one to the other LAN.
Server 1 in LAN 1 should have ftp access to Server 2 in LAN 2
Server 2 in LAN 2 should not have ftp access to Server 1 in LAN 1.
Can someone tell me how to set up the... (5 Replies)
Discussion started by: sTorm
5 Replies
3. IP Networking
Greetings to all.
My new firewall is giving me one hell of a problem.
I'm running iptables and masquerading my intranet
thru NAT. But here is the problem. Whenever I try
to FTP to a server outside of my lan I get a 500
illegal port error.
I've come to the conclusion that NAT is... (2 Replies)
Discussion started by: phrater
2 Replies
4. IP Networking
Hi All,
i am newbie to the unix and i found the posts for automate ftp ,but i didnt get how we can achieve ,selecting the path during runtime for automate ftp.basically i want to ftp the files to workstation(directory should be given during runtime).
i have tried the codes from the post,but i... (1 Reply)
Discussion started by: cskumar
1 Replies
5. Shell Programming and Scripting
Hi everybody. I have the next scenary:
eth0: WAN
eth1: DMZ
eth2: LAN
I need to block all incoming trafic from the internet through my network LAN using iptables. I have squid but i need to do this using ipatbles.
I have been listening about iptables -A FORDAWARD but I am stuck right... (0 Replies)
Discussion started by: edeamat
0 Replies
6. Shell Programming and Scripting
Hello,
I have a very simple script that put a file in server ftp
#!/bin/bash
var="ITW-trail-templiers-samedi"
cd /Users/$USER/Desktop
ftp -n >&1 << EOF
open server
quote user "user"
cd oberon
binary
put "$var"
bye
EOF
I have error :
200 Type set to IMAGE.
remote:... (2 Replies)
Discussion started by: protocomm
2 Replies
7. Shell Programming and Scripting
hi there
here is my problem
i have a shell that copy files from unix to a shared linux samba (with rcp)
i will change my linux machine with a windows one and saw rcp didnt work anymore ...
so i tried ftp and saw it worked with these following commands
ftp -niv <<fin
open 192.9.200.105
user... (3 Replies)
Discussion started by: bzh35
3 Replies
8. UNIX for Dummies Questions & Answers
I have set up a firewall on my centOS 5.6 box. I copied it from info I found online related to web servers. Everything seems to work fine but my ftp from my LAN. I am not able to ftp into the directories at all. I have the box set up as a test web server. Here is my iptable:
I have opened ports... (7 Replies)
Discussion started by: ktb231
7 Replies
9. Red Hat
Hi,
Following is the output of iptables -S command
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.5/32 -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 20 -j... (3 Replies)
Discussion started by: shahdharmit
3 Replies
10. IP Networking
I am using vsftp but I can't login with passive mode. I can only login with active mode. I can login with both mode when service of iptables is stop.
In active mode : 20,21 must be open from server site. 1023 and over must be open at client site.
In passive mode : only 21,1023 and over must be... (1 Reply)
Discussion started by: getrue
1 Replies
LEARN ABOUT REDHAT
ip6tables-save
IPTABLES-SAVE(8) iptables 1.6.1 IPTABLES-SAVE(8)
NAME
iptables-save -- dump iptables rules to stdout
ip6tables-save -- dump iptables rules to stdout
SYNOPSIS
iptables-save [-M modprobe] [-c] [-t table]
ip6tables-save [-M modprobe] [-c] [-t table]
DESCRIPTION
iptables-save and ip6tables-save are used to dump the contents of IP or IPv6 Table in easily parseable format to STDOUT. Use I/O-redirect-
ion provided by your shell to write to a file.
-M, --modprobe modprobe_program
Specify the path to the modprobe program. By default, iptables-save will inspect /proc/sys/kernel/modprobe to determine the exe-
cutable's path.
-c, --counters
include the current values of all packet and byte counters in the output
-t, --table tablename
restrict output to only one table. If not specified, output includes all available tables.
BUGS
None known as of iptables-1.2.1 release
AUTHORS
Harald Welte <laforge@gnumonks.org>
Rusty Russell <rusty@rustcorp.com.au>
Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-save.
SEE ALSO
iptables-apply(8),iptables-restore(8), iptables(8)
The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which details NAT, and the netfilter-hacking-HOWTO which details the
internals.
iptables 1.6.1 IPTABLES-SAVE(8)