[CentOS] ftp and iptables
Agile Aspect
agile.aspect at gmail.comThu Jan 22 22:28:02 UTC 2009
- Previous message: [CentOS] Support for i7 architecture?
- Next message: [CentOS] ftp and iptables
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi - I have a ftp server running version 2.0.7 of vsftpd on
a CentSO 5.2 server using iptables behind a Linksys router.
The setup works for UNIX machines on either side of the Linksys
router.
For the Windows machines it only works if they're behind the Linksys
router - ftp does NOT work if they're outside the Linksys router.
I'd like to solve two problems:
(1) make ftp work for Windows clients outside the Linksys
router
and then ideally, if possible,
(2) have ftp work for both active and passive connections
and restrict those connections to use ports between
40000 to 60000
The ports 20,21 and 40000 to 60000 on the Linksys router
are open, and vsftp is configured with the following options
pasv_min_port=40000
pasv_max_port=60000
pasv_address=xxx.xxx.xxx.xxx
connect_from_port_20=NO
The ftp entry automatically generated the system in /etc/sysconfig/iptables
is
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21
-j ACCEPT
and to IPTABLES_MODULES entry in /etc/sysconfig/iptabes-config I've
added
ip_conntrack_ftp
Enclosed are my iptables and vsftp.conf files (which might not make it to
the list.)
Regarding item (2), I would guess I would have to add the following entries:
Active:
---------
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20
--sport 40000:60000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 --dport 40000:60000 -j ACCEPT
Passive:
----------
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
40000:60000 --sport 40000:60000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 40000:60000 --dport 40000:60000 -j ACCEPT
Adding these entries doesn't noticeably impact the vsftpd, i.e., the
connections from the UNIX or Windows behaves identically - I just
doubt if they're correct.
Any help would be greatly appreciated!
---
Article. VI. Clause 3 of the constitution of the United States states:
"The Senators and Representatives before mentioned, and the Members of
the several State Legislatures, and all executive and judicial Officers,
both of the United States and of the several States, shall be bound by
Oath or Affirmation, to support this Constitution; but no religious Test
shall ever be required as a Qualification to any Office or public Trust
under the United States."
- Previous message: [CentOS] Support for i7 architecture?
- Next message: [CentOS] ftp and iptables
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list