On Thu, 2007-09-20 at 14:55 -0400, Ray Leventhal wrote:

Hi all,

With SELinux in permissive mode and iptables running, I'm unable to retrieve directory listings with ftp.

stop iptables, and all appears again. This seems to be unrelated to passive/port modes for ftp client.

Depending how you configured your iptables rules, you'll probably anyway need the ip_conntrack_ftp iptables module. You can modprobe it, or even better, declare it in /etc/sysconfig/iptables-config ...

Dear Salam,

Try to add following enteries in table.

/sbin/iptables -A INPUT -p tcp --dport 20 -j ACCEPT /sbin/iptables -A INPUT -p udp --dport 20 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

Then use iptables -L command to show the enteries.

Regards,

Umair Shakil ETD

On 9/20/07, Ray Leventhal centos@swhi.net wrote:

Hi all,

With SELinux in permissive mode and iptables running, I'm unable to retrieve directory listings with ftp.

stop iptables, and all appears again. This seems to be unrelated to passive/port modes for ftp client.

If this is off topic, please let me know offlist and I'll take my question elsewhere. Otherwise I'll repost with output of

# iptables status

TIA, ~Ray

---

CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos