Solved

Problem with opening ports for ftp in iptables

Posted on 2014-07-31
4
474 Views
Last Modified: 2014-08-01
Hi all,  If I have INPUT chain set to drop by default, and ports 20 and 21 are open, ftp doesn't work right.  I've also noticed the SSH password prompt takes a long time to show up. When I accept all input again, ftp works, and the login pops up right away. The problem with ftp is that it connects, but doesn't show any data (no directory listing once it lists). I'm using a default installation and settings (except anonymous login is off) for vsftp.  The only input rules I have are 20, 21, and my ssh port open and I set an accept all on the lo interface.  My output is set to accept.

Does anyone know what I'm doing wrong or why this isn't working?
0
Comment
Question by:kendalltech
4 Comments
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 40231790
questions:

1) is vsftpd configured to allow passive ftp?  if yes, you will need to update iptables_config with the conntrack_ftp

2) is sshd_config configured to do DNS lookups?  if yes and they are not resolving, then that will also cause a delay
0
 
LVL 62

Expert Comment

by:gheist
ID: 40231798
You should stop checking reverse DNS, that will cure waits.
nobody ever will connect to your port 20
you need either to load nf_conntrack_ftp ur agree between iptables, ephemeral ports and ftp server which ports to use for incoming PASV connections
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40231997
Do you have port 53 outgoing open so you can do recursive lookups?
See if you can resolve anything from within the machine while your iptables rules are in place, especially your OUTPUT rules.
0
 
LVL 2

Author Closing Comment

by:kendalltech
ID: 40233574
Thanks, both problems are solved now.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question