
01.09.2008 at 07:32PM PST, ID: 23071634

FC3: How to set iptables rules for ftp passive mode

Asked by Jerryleo in Linux Setup, Linux Networking, Linux Network Security

Tags: ftp, iptables, passive, mode

I failed to get ftp to work using passive mode on an FC3 box; it always complains "ftp: connect: No route to host". If I turn passive mode OFF, ftp works fine; if I turn off the firewall, everything works. And on a DOS box, ftp works fine in both passive and active mode.

I already set IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp" in /etc/sysconfig/iptables-config, but it still didn't work.

Is there anything missing?

Thanks

Jerry

************************iptables  rules***************************
/sbin/iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
31561   16M RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 
Chain OUTPUT (policy ACCEPT 11957 packets, 2213K bytes)
 pkts bytes target     prot opt in     out     source               destination
 
Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
  529  512K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   17  1496 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631
13992   14M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:20
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
17023 1612K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
 
 
******************lsmod output**************************
[root@beks-m04 script]# /sbin/lsmod
Module                  Size  Used by
parport_pc             28293  1
lp                     12873  0
parport                40073  2 parport_pc,lp
autofs4                28229  0
i2c_dev                10945  0
i2c_core               21313  1 i2c_dev
sunrpc                164229  1
pcmcia                 28897  2
ip_nat_ftp              3393  0
iptable_nat            22037  1 ip_nat_ftp
ip_conntrack_ftp       73169  1 ip_nat_ftp
ipt_REJECT              5441  1
ipt_state               1857  2
ip_conntrack           41369  4 ip_nat_ftp,iptable_nat,ip_conntrack_ftp,ipt_state
iptable_filter          2881  1
ip_tables              19521  4 iptable_nat,ipt_REJECT,ipt_state,iptable_filter
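
Added example (not part of the original question or any reply): a first-match walk of the RH-Firewall-1-INPUT chain from the listing above, showing that a passive-mode data connection to a high port is accepted only if connection tracking has classified it as RELATED (rule 7) and otherwise reaches the final REJECT. It assumes this host is the one receiving the data connection; the interface name, address and port numbers are constructed.

```python
import ipaddress
import re

# RH-Firewall-1-INPUT rules from the listing above (pkts/bytes columns dropped).
CHAIN = """\
ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20
ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21
ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

def parse(chain):
    """Turn each listing line into the match fields this example evaluates."""
    rules = []
    for line in chain.strip().splitlines():
        target, proto, _opt, iface, _out, _src, dst = line.split()[:7]
        state = re.search(r"state (\S+)", line)
        dpt, spt = re.search(r"dpt:(\d+)", line), re.search(r"spt:(\d+)", line)
        rules.append(dict(
            target=target, proto=proto, iface=iface, dst=ipaddress.ip_network(dst),
            states=set(state.group(1).split(",")) if state else None,
            dpt=dpt and int(dpt.group(1)), spt=spt and int(spt.group(1))))
    return rules

def first_match(rules, pkt):
    """Return (rule number, target) of the first rule that matches pkt."""
    for n, r in enumerate(rules, 1):
        if (r["proto"] in ("all", pkt["proto"]) and r["iface"] in ("*", pkt["iface"])
                and ipaddress.ip_address(pkt["dst"]) in r["dst"]
                and (r["states"] is None or pkt["state"] in r["states"])
                and r["dpt"] in (None, pkt["dport"]) and r["spt"] in (None, pkt["sport"])):
            return n, r["target"]
    return None, "ACCEPT"  # no match: chain returns and the INPUT policy is ACCEPT

def tcp(sport, dport, state):  # constructed packet; eth0 and 192.0.2.10 are placeholders
    return dict(proto="tcp", iface="eth0", dst="192.0.2.10",
                sport=sport, dport=dport, state=state)

for st in ("NEW", "RELATED"):  # passive-mode data SYN to a high port
    print(st, first_match(parse(CHAIN), tcp(40000, 50000, st)))
```

The REJECT rule answers with icmp-host-prohibited, which a Linux client reports as "No route to host".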
About this solution

Zones: Linux Setup, Linux Networking, Linux Network Security
Solution Provided By: diepes
Participating Experts: 5
Solution Grade: B
 
 