[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 488
  • Last Modified:

Problem with opening ports for ftp in iptables

Hi all,  If I have INPUT chain set to drop by default, and ports 20 and 21 are open, ftp doesn't work right.  I've also noticed the SSH password prompt takes a long time to show up. When I accept all input again, ftp works, and the login pops up right away. The problem with ftp is that it connects, but doesn't show any data (no directory listing once it lists). I'm using a default installation and settings (except anonymous login is off) for vsftp.  The only input rules I have are 20, 21, and my ssh port open and I set an accept all on the lo interface.  My output is set to accept.

Does anyone know what I'm doing wrong or why this isn't working?
0
Matt Kendall
Asked:
Matt Kendall
1 Solution
 
Jan SpringerCommented:
questions:

1) is vsftpd configured to allow passive ftp?  if yes, you will need to update iptables_config with the conntrack_ftp

2) is sshd_config configured to do DNS lookups?  if yes and they are not resolving, then that will also cause a delay
0
 
gheistCommented:
You should stop checking reverse DNS, that will cure waits.
nobody ever will connect to your port 20
you need either to load nf_conntrack_ftp ur agree between iptables, ephemeral ports and ftp server which ports to use for incoming PASV connections
0
 
Kent WSr. Network / Systems AdminCommented:
Do you have port 53 outgoing open so you can do recursive lookups?
See if you can resolve anything from within the machine while your iptables rules are in place, especially your OUTPUT rules.
0
 
Matt KendallTech / Business owner operatorAuthor Commented:
Thanks, both problems are solved now.
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now