[CentOS] ftp and iptables
agile.aspect at gmail.com
Thu Jan 22 22:28:02 UTC 2009
Hi - I have a ftp server running version 2.0.7 of vsftpd on
a CentSO 5.2 server using iptables behind a Linksys router.
The setup works for UNIX machines on either side of the Linksys
For the Windows machines it only works if they're behind the Linksys
router - ftp does NOT work if they're outside the Linksys router.
I'd like to solve two problems:
(1) make ftp work for Windows clients outside the Linksys
and then ideally, if possible,
(2) have ftp work for both active and passive connections
and restrict those connections to use ports between
40000 to 60000
The ports 20,21 and 40000 to 60000 on the Linksys router
are open, and vsftp is configured with the following options
The ftp entry automatically generated the system in /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21
and to IPTABLES_MODULES entry in /etc/sysconfig/iptabes-config I've
Enclosed are my iptables and vsftp.conf files (which might not make it to
Regarding item (2), I would guess I would have to add the following entries:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20
--sport 40000:60000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 --dport 40000:60000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
40000:60000 --sport 40000:60000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 40000:60000 --dport 40000:60000 -j ACCEPT
Adding these entries doesn't noticeably impact the vsftpd, i.e., the
connections from the UNIX or Windows behaves identically - I just
doubt if they're correct.
Any help would be greatly appreciated!
Article. VI. Clause 3 of the constitution of the United States states:
"The Senators and Representatives before mentioned, and the Members of
the several State Legislatures, and all executive and judicial Officers,
both of the United States and of the several States, shall be bound by
Oath or Affirmation, to support this Constitution; but no religious Test
shall ever be required as a Qualification to any Office or public Trust
under the United States."
More information about the CentOS