[TriLUG] FTP can't get through iptables (was: iptables for webserver)

Sam Folk-Williams sam.folkwilliams at gmail.com
Mon Jun 13 20:29:45 EDT 2005


Thanks for the suggestions on IPtables script. I ended up using one written 
by Alan Porter. It's a great script, but I'm having this funny problem with 
FTP. I'm posting this to the whole group instead of just Alan because I've 
had this problem with other IPtables configs also. Here is what happens:

Using a GUI FTP client, either on Windows or Linux, either in Passive mode 
or not, the client successfully makes a connection and authenticates against 
the server. After that initial connection, it hangs and times out. In the 
logs you can see that the FTP user authenticated, but that's all. I know 
this is related to IPtables because if I totally stop iptables it works 
fine.

The weird thing is that if you log in via FTP on the command line from any 
client it works totally fine.

Personally, I'd be happy scrapping FTP altogether and just using SSH 
tools, but there are some end users who use Windows Explorer to connect to 
shared documents on an FTP server.

This is an RHEL 3 machine running proFTP and the 2.4 kernel. 

Any ideas?? 

Thanks,

Sam

On 6/13/05, Tanner Lovelace <clubjuggler at gmail.com> wrote:
> 
> You could always use shorewall (http://shorewall.net/). It's the
> default firewall on Mandrake Linux.
> 
> Cheers,
> Tanner
> 
> On 6/13/05, Sam Folk-Williams <sam.folkwilliams at gmail.com> wrote: 
> > Hi,
> >
> > I was wondering if someone could post an iptables script for a web server?
> > IPtables is something that always gives me trouble. The services I need to
> > allow are httpd, ftp, ssh - more or less the standard web/admin services. I
> > would like to drop other traffic and allow mysql access only from localhost.
> > Anyone have a script they use?
> >
> > Thanks,
> >
> > Sam
> > --
> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
> >
> 
> 
> --
> Tanner Lovelace
> clubjuggler at gmail dot com 
> http://wtl.wayfarer.org/
> http://www.freeiPods.com/?r=8127171
> (fieldless) In fess two roundels in pale, a billet fesswise and an 
> increscent, all sable.


