[TriLUG] Road Runner blocking ports?

Dave Sorenson dave at logicalgeek.com
Tue Feb 21 14:00:23 EST 2006


OOPS should be /etc/sysconfig/iptables-config

It allows iptables to follow the FTP output to high port numbers (at 
least for vsftp)

I could be off base... like I said.. brain..fried... baby prep details 
overwhelming... car seat install directions confusing.... 8-)

Dave

Dave Sorenson wrote:
> Sorry if this suggestion was covered, too fried to remember, but have 
> you added the FTP connection track module to iptables? I had some 
> problems with a CentOS upgrade until I loaded the module via 
> /etc/sysconfig/optables-config
>
> # Load additional iptables modules (nat helpers)
> #   Default: -none-
> # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
> # are loaded after the firewall rules are applied. Options for the helpers are
> # stored in /etc/modules.conf.
> IPTABLES_MODULES="ip_conntrack_ftp"
>
> Mark Freeze wrote:
>> Sorry to take so long to answer questions but I'm working away from my desk
>> today...
>>
>> 1. (Mark) My firewall is configured to pass the request along to the box. I
>> checked to make sure the name was resolving correctly and it does the same
>> thing when you hit the ip directly so I'm pretty sure that is ok. I'm sure
>> that my box is getting the requests because my web server is running off
>> d-link's virtual server stuff also.
>>
>> 2. (Keith) It won't let me get to the login screen.  My connection looks
>> like this:
>>
>> Microsoft Windows XP [Version 5.1.2600]
>> (C) Copyright 1985-2001 Microsoft Corp.
>>
>> C:\Documents and Settings\Mark>ftp ftp.mfreeze.com
>> Connected to ftp.mfreeze.com.
>> Connection closed by remote host.
>>
>> C:\Documents and Settings\Mark>
>>
>> The 'connection closed' is new today. That appears around 1 min. after the
>> 'connected' message, so it may not be the d-link after all. Connection
>> closed didn't appear yesterday. It just showed up since I added the 'Allow
>> Passive Transfers' option in config. I'll have to wait until I get home
>> today to see what is in the logs.
>>
>> 3. (William) I am not doing anonymous, I have set up two users.
>>
>> Considering Tanner's diagram example from yesterday; If it says it is
>> connecting then the data must be getting through 20. Based on that, can a
>> port issue be ruled out and this would be more of a server setup issue?
>>
>> Thanks for all of the replies.
>>
>> Regards,
>> Mark.
>>   
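
An added example, not part of the original posts: the FTP data port is negotiated inside the control channel, which is what a connection-tracking helper such as ip_conntrack_ftp has to read before the firewall can admit the high-port connection. The function name `ftp_data_endpoint` and the session lines are constructed for illustration.

```shell
#!/bin/sh
# Derive the data-channel endpoint announced on the FTP control channel.
# A "227" reply (passive mode) or a "PORT" command (active mode) carries
# six decimal fields: h1,h2,h3,h4,p1,p2 -> h1.h2.h3.h4 : p1*256+p2

# ftp_data_endpoint LINE
#   prints "ip:port" and returns 0 for a well-formed 227 reply or PORT command;
#   returns 1 for any other line or for malformed / out-of-range fields.
ftp_data_endpoint() {
    line=$1
    case $line in
        227\ *)  fields=${line#*\(}; fields=${fields%%\)*} ;;
        PORT\ *) fields=${line#PORT } ;;
        *) return 1 ;;
    esac
    fields=$(printf '%s' "$fields" | tr -d '\r ')
    # Only digits and commas may remain; this also rules out glob characters.
    case $fields in
        ''|*[!0-9,]*|*,) return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    set -- $fields
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in
            ''|0?*) return 1 ;;          # empty field or leading zero
        esac
        [ ${#n} -le 3 ] && [ "$n" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s:%s\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# Constructed control-channel lines (not taken from the thread).
while IFS= read -r l; do
    if ep=$(ftp_data_endpoint "$l"); then
        echo "data connection expected at $ep"
    fi
done <<'EOF'
220 (vsFTPd)
230 Login successful.
227 Entering Passive Mode (192,168,1,10,195,80).
PORT 10,0,0,5,4,1
EOF
```
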


