FTP from iptables

From: Derry Santoso (derry@ainet.co.id)
Date: 09/26/01


Message-ID: <009301c1468e$f5a339e0$0d00a8c0@ainet.com>
From: "Derry Santoso" <derry@ainet.co.id>
To: <focus-linux@securityfocus.com>
Subject: FTP from iptables
Date: Wed, 26 Sep 2001 20:27:15 +0700

Hello All,

First, please excuse my English. :-)
I've installed a Red Hat 7.1 box with iptables to masquerade intranet
hosts.
When I use my Windows 98 client with its built-in ftp client,
after a successful login, when I type 'dir' or 'ls', this message
comes up:

User (xxx.xxxxxx.xxxxx:(none)): derry
331 Password required for derry.
Password:
230-Welcome to FTP Server xxxxxxx.xxxx!
230-All transfers are logged, so please use this service wisely
230-
230-Have a nice day!
230-
230-
230-Please read the file README
230- it was last modified on Tue Dec 2 12:33:55 1997 - 1393 days ago
230 User derry logged in.
ftp> dir
500 Illegal PORT Command
425 Can't build data connection: Connection refused.
ftp> ls -l
425 Can't build data connection: Connection refused.
ftp>

What happens here?
I think there is something wrong with the ftp module for iptables.
I already use ip_nat_ftp.

[root@xxxxxx /root]# lsmod
Module          Size   Used by
ip_nat_ftp      3760   0 (unused)
ipt_REJECT      2528   4 (autoclean)
ipt_MASQUERADE  1712   1 (autoclean)
iptable_nat     16160  1 (autoclean) [ip_nat_ftp ipt_MASQUERADE]
ip_conntrack    15824  1 (autoclean) [ip_nat_ftp ipt_MASQUERADE iptable_nat]
iptable_filter  2304   0 (autoclean) (unused)
ip_tables       11072  6 [ipt_REJECT ipt_MASQUERADE iptable_nat iptable_filter]
8139too         16480  1 (autoclean)
3c59x           25344  1 (autoclean)
[...and so on...]

FYI, this only happens when I use RH 7.1 with iptables. I've tested
ipchains with ip_masq_ftp, and it goes smoothly and well.

Please help me.

Thank You.

Regards,
Derry Santoso
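An added illustration, not part of the original post, of what an FTP NAT helper such as ip_nat_ftp has to do to an active-mode PORT command, and why a wu-ftpd style server answers "500 Illegal PORT Command" when the client's private address reaches it unrewritten. The client address 192.168.0.13, the firewall address 203.0.113.5 and the ports are constructed values.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")


def parse_port(cmd):
    """Parse a PORT command into (ip, port); None if malformed."""
    m = PORT_RE.match(cmd)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ".".join(str(f) for f in fields[:4])
    return ip, fields[4] * 256 + fields[5]


def build_port(ip, port):
    """Encode (ip, port) as a PORT command line."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)


def nat_rewrite_port(cmd, private_ip, public_ip, mapped_port):
    """Model of the helper's job: replace the client's private address/port
    in PORT with the firewall's public address and the port it maps back.
    Without this step the server sees an unroutable private address."""
    parsed = parse_port(cmd)
    if parsed is None or parsed[0] != private_ip:
        return cmd  # not a PORT for this client, leave untouched
    return build_port(public_ip, mapped_port)


def server_check_port(cmd, control_peer_ip):
    """Server-side check as wu-ftpd applies it: the PORT address must match
    the peer of the control connection. Returns the reply line."""
    parsed = parse_port(cmd)
    if parsed is None:
        return "501 Syntax error in parameters or arguments."
    ip, _port = parsed
    if ip != control_peer_ip:
        return "500 Illegal PORT Command"
    return "200 PORT command successful."


def simulate(client_ip, client_port, nat_ip, nat_port, helper_loaded):
    """Client behind NAT sends PORT; server sees the control connection
    coming from nat_ip. helper_loaded toggles the rewrite step."""
    cmd = build_port(client_ip, client_port)
    if helper_loaded:
        cmd = nat_rewrite_port(cmd, client_ip, nat_ip, nat_port)
    return server_check_port(cmd, nat_ip)
```

The rejected case reproduces the first error in the post; the follow-up "425 Can't build data connection" is the server failing to connect back to the unreachable private address the PORT advertised.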
