Full Discussion: iptables problem with ftp
Post 302609967 by bricoleur on Tuesday 20th of March 2012 04:16:23 PM

I have a pretty stock iptables script. One rule allows active ftp from an outside IP address. To troubleshoot it, I opened up ftp to all connections from the outside.
When a user outside our domain connects via FTP, they are denied. If I flush the rules, the ftp takes place successfully. This seems pretty simple, but I don't know what to try next.

Below are the applicable rules.

# flush all rules
/sbin/iptables -F

# perform stateful inspection of packets (bypasses all filter rules)
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# FTP from the outside
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT

# Drop all other incoming, allow outgoing, drop forwards
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT

#Save iptables, so reboot will activate all rules
/sbin/service iptables save
 

IPTABLES-SAVE(8)                                                  iptables 1.6.1                                                  IPTABLES-SAVE(8)

NAME
NAME
       iptables-save -- dump iptables rules to stdout
       ip6tables-save -- dump iptables rules to stdout

SYNOPSIS
       iptables-save [-M modprobe] [-c] [-t table]
       ip6tables-save [-M modprobe] [-c] [-t table]

DESCRIPTION
       iptables-save and ip6tables-save are used to dump the contents of IP or IPv6 Table in easily parseable format to STDOUT. Use I/O-redirection provided by your shell to write to a file.

       -M, --modprobe modprobe_program
              Specify the path to the modprobe program. By default, iptables-save will inspect /proc/sys/kernel/modprobe to determine the executable's path.

       -c, --counters
              include the current values of all packet and byte counters in the output

       -t, --table tablename
              restrict output to only one table. If not specified, output includes all available tables.

BUGS
       None known as of iptables-1.2.1 release

AUTHORS
       Harald Welte <laforge@gnumonks.org>
       Rusty Russell <rusty@rustcorp.com.au>
       Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-save.

SEE ALSO
       iptables-apply(8), iptables-restore(8), iptables(8)

       The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which details NAT, and the netfilter-hacking-HOWTO which details the internals.
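
The counters that `iptables-save -c` emits show whether packets for a rule set like the one in the post reach the `--dport 21` ACCEPT rule or fall through to the chain's DROP policy. The script below is an added example, not part of the original post or the man page; the function names `chain_hits` and `sample_dump` are hypothetical and the dump with its counter values is constructed, not captured from the poster's host.

```shell
#!/bin/sh
# Added example: summarise per-rule packet counters from `iptables-save -c`.
# On a live host (as root): iptables-save -c -t filter | chain_hits INPUT

# Print the policy counter and every rule counter for one chain.
# Reads an `iptables-save -c` dump on stdin.
chain_hits() {
    awk -v chain="$1" '
        # Chain header, e.g. ":INPUT DROP [14:840]".
        # The counter is the number of packets that matched no rule
        # and were handled by the chain policy.
        $1 == (":" chain) {
            split(substr($3, 2), c, ":")
            printf "policy %s %s pkts=%d\n", chain, $2, c[1]
            next
        }
        # Rule line, e.g. "[0:0] -A INPUT -p tcp ... -j ACCEPT".
        /^\[[0-9]+:[0-9]+\]/ && $2 == "-A" && $3 == chain {
            split(substr($1, 2), c, ":")
            rule = $0
            sub(/^\[[0-9]+:[0-9]+\] -A [^ ]+ /, "", rule)
            printf "rule pkts=%d %s\n", c[1], rule
        }
    '
}

# Constructed sample dump that mirrors the rules in the post.
sample_dump() {
    cat <<'EOF'
# constructed sample, not real output
*filter
:INPUT DROP [14:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [230:18400]
[412:35020] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
COMMIT
EOF
}

sample_dump | chain_hits INPUT
```

A rule whose counter stays at zero while the policy counter climbs during a test connection is not matching the traffic, which narrows the search to rule order, match criteria, or rules loaded from another source.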