[TriLUG] FTP can't get through iptables (was: iptables for webserver)
Sam Folk-Williams
sam.folkwilliams at gmail.com
Mon Jun 13 20:29:45 EDT 2005
Thanks for the suggestions on IPtables script. I ended up using one written
by Alan Porter. It's a great script, but I'm having this funny problem with
FTP. I'm posting this to the whole group instead of just Alan because I've
had this problem with other IPtables configs also. Here is what happens:

Using a GUI FTP client, either on Windows or Linux, either in Passive mode
or not, the client successfully makes a connection and authenticates against
the server. After that initial connection, it hangs and times out. In the
logs you can see that the FTP user authenticated, but that's all. I know
this is related to IPtables because if I totally stop iptables it works
fine.

The weird thing is that if you log in via FTP on the command line from any
client it works totally fine.

Personally, I'd be happy scrapping FTP altogether and just using SSH
tools, but there are some end users who use Windows Explorer to connect to
shared documents on an FTP server.

This is an RHEL 3 machine running proFTP and the 2.4 kernel.

Any ideas??

Thanks,
Sam

On 6/13/05, Tanner Lovelace <clubjuggler at gmail.com> wrote:
>
> You could always use shorewall (http://shorewall.net/). It's the
> default firewall on Mandrake Linux.
>
> Cheers,
> Tanner
>
> On 6/13/05, Sam Folk-Williams <sam.folkwilliams at gmail.com> wrote:
> > Hi,
> >
> > I was wondering if someone could post an iptables script for a web server?
> > IPtables is something that always gives me trouble. The services I need to
> > allow are httpd, ftp, ssh - more or less the standard web/admin services. I
> > would like to drop other traffic and allow mysql access only from localhost.
> > Anyone have a script they use?
> >
> > Thanks,
> >
> > Sam
> > --
> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
> >
>
>
> --
> Tanner Lovelace
> clubjuggler at gmail dot com
> http://wtl.wayfarer.org/
> http://www.freeiPods.com/?r=8127171
> (fieldless) In fess two roundels in pale, a billet fesswise and an
> increscent, all sable.