[ale] FTP/firewall issue

Bob Kruger bkruger at mindspring.com
Tue Jul 3 07:29:07 EDT 2001


I am still trying to work out a few issues with IPTables and my firewall
daemon.

Server name:  dbserver
Subnet:  192.168.2.0/24
FTP daemon software:  ProFTPD
Local Class C network:  192.168.2.0/24
Interface on dbserver for local Class C network:  eth0

I do not want to restrict the subnet to using passive mode FTP.  Ports
20 and 21 are opened up for all of my subnet on dbserver:

/usr/sbin/iptables -A INPUT -s 192.168.2.0/24 -i eth0 -p tcp --destination-port 20 -j ACCEPT
/usr/sbin/iptables -A INPUT -s 192.168.2.0/24 -i eth0 -p udp --destination-port 20 -j ACCEPT
/usr/sbin/iptables -A INPUT -s 192.168.2.0/24 -i eth0 -p tcp --destination-port 21 -j ACCEPT
/usr/sbin/iptables -A INPUT -s 192.168.2.0/24 -i eth0 -p udp --destination-port 21 -j ACCEPT

With this opened up, anyone in the subnet can ftp into dbserver.  The
problem is that when they try to do an "ls", nothing happens.  Eventually
the connection times out.

If I open up everything to the subnet in the firewall script, my users
in the subnet can ftp to dbserver and do a "ls" just fine:

/usr/sbin/iptables -A INPUT -s 192.168.2.0/24 -i eth0 -j ACCEPT

So, this tells me that there is another port or series of ports that
must be opened to allow active FTP.  Rather than try each of the 64K or
so ports one at a time, does anyone have any hints as to which other
ones must be activated so that a user can do an "ls" once they have ftp'd
to the server?

Thanks in advance for any assistance.

Regards - Bob Kruger

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
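As an added example, not part of Bob's post or of ProFTPD, here is the ruleset a practitioner would put on dbserver instead of opening fixed ports. FTP uses a second TCP connection for data: in active mode the server opens it from its port 20 to a client port announced in the PORT command, and in passive mode the client opens it to a high port announced by the server in the PASV reply. Neither direction is covered by rules on destination ports 20 and 21 alone (and FTP is TCP only, so the udp rules never match). The kernel's FTP connection-tracking helper reads PORT/PASV on the control channel and marks the resulting data connection RELATED, so one stateful rule admits it whichever mode the client uses. Assumed: an iptables with the `state` match and the helper module (ip_conntrack_ftp on 2.4 kernels, nf_conntrack_ftp on 2.6 and later); the subnet and interface are the ones from the post. Setting IPT=echo prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not code from the original post: iptables rules on dbserver
# that let the 192.168.2.0/24 LAN use FTP (active or passive) to ProFTPD on
# eth0. Assumptions: iptables with the `state` match and the kernel FTP
# connection-tracking helper (ip_conntrack_ftp on 2.4 kernels, nf_conntrack_ftp
# on 2.6+). Set IPT=echo to print the rules instead of applying them.
IPT="${IPT:-/usr/sbin/iptables}"
LAN=192.168.2.0/24
IF=eth0

load_ftp_helper() {
    # The helper parses PORT/PASV on the control channel (tcp/21) and marks
    # the matching data connection RELATED, so no fixed data port is needed.
    /sbin/modprobe nf_conntrack_ftp 2>/dev/null \
        || /sbin/modprobe ip_conntrack_ftp 2>/dev/null \
        || echo "warning: FTP conntrack helper not loaded" >&2
}

ftp_rules() {
    # Control channel: LAN clients connect to tcp/21 on dbserver.
    $IPT -A INPUT  -i "$IF" -s "$LAN" -p tcp --dport 21 -j ACCEPT
    # Active-mode data channel: dbserver itself opens it, from its port 20
    # to the client port named in the PORT command, so it leaves via OUTPUT.
    $IPT -A OUTPUT -o "$IF" -d "$LAN" -p tcp --sport 20 -j ACCEPT
    # Replies for both channels, plus helper-tracked passive data connections
    # arriving on ProFTPD's high ports, are ESTABLISHED or RELATED.
    $IPT -A INPUT  -i "$IF" -s "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -o "$IF" -d "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Number of ACCEPT rules the script would install (dry run in a subshell so
# the IPT override does not leak into a real apply).
ftp_rule_count() {
    (IPT=echo; ftp_rules) | grep -c -- '-j ACCEPT'
}

# Usage: sh ftp-rules.sh apply           (as root on dbserver)
#        IPT=echo sh ftp-rules.sh apply  (preview the rules without applying)
if [ "${1:-}" = "apply" ]; then
    load_ftp_helper
    ftp_rules
fi
```

Two caveats. The client side of an active-mode transfer needs the same ESTABLISHED,RELATED rule on its own INPUT chain, since the data connection arrives there unsolicited from dbserver's port 20. And on kernels from 4.7 onward the helper is no longer attached automatically (the `nf_conntrack_helper` sysctl defaults to off and was later removed), so it has to be bound explicitly, for example `iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp`; the helper also cannot see PORT/PASV inside FTP over TLS, which is worth remembering before moving the service off plaintext FTP.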