RE: FTP from iptables

From: Nate Pinchot (npinchot@ccservice.cc)
Date: 09/26/01

Previous message: Girish N.: "Re: Floppy Linuxes, Kickstart"
Maybe in reply to: Derry Santoso: "FTP from iptables"
Next in thread: Hanamichi Sakuragui (El Talentoso !!!): "Re: FTP from iptables"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Subject: RE: FTP from iptables
Date: Wed, 26 Sep 2001 12:43:19 -0400
Message-ID: <EAEE14ADB771234B879244F1952F35B703C27B@ccs-mail.ccservice.cc>
From: "Nate Pinchot" <npinchot@ccservice.cc>
To: <focus-linux@securityfocus.com>

>ftp> dir
>500 Illegal PORT Command
>425 Can't build data connection: Connection refused.
>ftp> ls -l
>425 Can't build data connection: Connection refused.
>ftp>
>What happen here?
>I think there are something wrong with ftp module for iptables.
>I already used ip_nat_ftp.
The module is probably not the issue, I have a similar setup running
at both my office and home without the module and can connect to
ftp servers from windows machines and get directory listings/files ok.
The problem here is either in your firewall setup itself or it is
possible that the remote host is also using NAT and masquerading
behind a firewall in which case you should try PASV mode. Also, do you
have any kind of firewall software running on the windows machine?

>FYI, this only happen when I use rh 7.1 with iptables. I've tested
>ipchains with ip_masq_ftp, it goes smooth & well..
My guess is that your problem is the 1st one described because you
had it working with ipchains. You probably just need a little more
tweaking to your iptables rules.

Hope that helps,
______________________________
Nate Pinchot
Corporate Computer Services
npinchot@ccservice.cc <mailto:npinchot@ccservice.cc>

"we're only gonna die because of our own arrogance, that's why we might
as well take our time"
-bradley nowell

Previous message: Girish N.: "Re: Floppy Linuxes, Kickstart"
Maybe in reply to: Derry Santoso: "FTP from iptables"
Next in thread: Hanamichi Sakuragui (El Talentoso !!!): "Re: FTP from iptables"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: FTP and Firewall
... [Enable the Firewall and Accept FTP, ... appropriare levels (chkconfig -- list iptables) ... On the server rumming the FTP and HTTP server WITH Firewall, ...
(linux.redhat)
Re: Understanding iptables FC4
... > make my http, ftp, telnet working from the outside world I would truly ... iptables is really a hard, lengthly, and complicated subject. ... other bits of the firewall stuff. ... Another really good web interface for configuring linux services and ...
(alt.os.linux)
RE: iptables firewall/ftp problem
... I have been trying to learn how to use iptables for a firewall on RHEL ... two systems, I can't ftp. ... I have turned passive mode of and passive mode on and get pretty much ...
(RedHat)
Re: FTP Problems RH 7.3 Iptables
... > New install of Red Hat 7.3. ... When I try to use Mozilla 1.0 to download a file from an FTP ... > iptables or an iptables rule problem. ... When I have a firewall problem I fire up Ethereal and use it with and then ...
(comp.security.firewalls)
Re: Questions on secure remote access to Fedora Core 2
... After most of a day of research on iptables, and a bunch of trial and ... Keep HTTP and HTTPS open for everybody ... Open inbound SSH, FTP, and mail for everybody ... ... users who for whatever reason can't use SFTP. ...
(comp.os.linux.security)