Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Problem with opening ports for ftp in iptables

Posted on 2014-07-31
4
Medium Priority
?
484 Views
Last Modified: 2014-08-01
Hi all,  If I have INPUT chain set to drop by default, and ports 20 and 21 are open, ftp doesn't work right.  I've also noticed the SSH password prompt takes a long time to show up. When I accept all input again, ftp works, and the login pops up right away. The problem with ftp is that it connects, but doesn't show any data (no directory listing once it lists). I'm using a default installation and settings (except anonymous login is off) for vsftp.  The only input rules I have are 20, 21, and my ssh port open and I set an accept all on the lo interface.  My output is set to accept.

Does anyone know what I'm doing wrong or why this isn't working?
0
Comment
Question by:Matt Kendall
4 Comments
 
LVL 29

Accepted Solution

by:
Jan Springer earned 2000 total points
ID: 40231790
questions:

1) is vsftpd configured to allow passive ftp?  if yes, you will need to update iptables_config with the conntrack_ftp

2) is sshd_config configured to do DNS lookups?  if yes and they are not resolving, then that will also cause a delay
0
 
LVL 62

Expert Comment

by:gheist
ID: 40231798
You should stop checking reverse DNS, that will cure waits.
nobody ever will connect to your port 20
you need either to load nf_conntrack_ftp ur agree between iptables, ephemeral ports and ftp server which ports to use for incoming PASV connections
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40231997
Do you have port 53 outgoing open so you can do recursive lookups?
See if you can resolve anything from within the machine while your iptables rules are in place, especially your OUTPUT rules.
0
 
LVL 2

Author Closing Comment

by:Matt Kendall
ID: 40233574
Thanks, both problems are solved now.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question