Solved

Problem with opening ports for ftp in iptables

Posted on 2014-07-31
4
473 Views
Last Modified: 2014-08-01
Hi all,  If I have INPUT chain set to drop by default, and ports 20 and 21 are open, ftp doesn't work right.  I've also noticed the SSH password prompt takes a long time to show up. When I accept all input again, ftp works, and the login pops up right away. The problem with ftp is that it connects, but doesn't show any data (no directory listing once it lists). I'm using a default installation and settings (except anonymous login is off) for vsftp.  The only input rules I have are 20, 21, and my ssh port open and I set an accept all on the lo interface.  My output is set to accept.

Does anyone know what I'm doing wrong or why this isn't working?
0
Comment
Question by:kendalltech
4 Comments
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 40231790
questions:

1) is vsftpd configured to allow passive ftp?  if yes, you will need to update iptables_config with the conntrack_ftp

2) is sshd_config configured to do DNS lookups?  if yes and they are not resolving, then that will also cause a delay
0
 
LVL 62

Expert Comment

by:gheist
ID: 40231798
You should stop checking reverse DNS, that will cure waits.
nobody ever will connect to your port 20
you need either to load nf_conntrack_ftp ur agree between iptables, ephemeral ports and ftp server which ports to use for incoming PASV connections
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40231997
Do you have port 53 outgoing open so you can do recursive lookups?
See if you can resolve anything from within the machine while your iptables rules are in place, especially your OUTPUT rules.
0
 
LVL 2

Author Closing Comment

by:kendalltech
ID: 40233574
Thanks, both problems are solved now.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question