nixCraft

hammooda · #1 (**permalink**) 19-09-2006, 04:40 PM

Hi,
I followed this article to configure my ftp server:
http://www.cyberciti.biz/faq/iptables-open-ftp-port-21/

with my ftp client i have this:
--------------------------------------------------------------------------
220-=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-
220-You are user number 1 of 50 allowed
220-Local time is now 10:57 and the load is 0.00. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.

USER toto

331 User toto OK. Password required

PASS ******

230-User toto has group access to: 502
230 OK. Current directory is /

SYST

215 UNIX Type: L8

PWD

257 "/" is your current location

TYPE A

200 TYPE is now ASCII

PORT 172,19,45,229,13,67

200 PORT command successful

LIST

425 Could not open data connection to port 14592: Connection timed out
-------------------------------------------------------------------

is there any rule that i have to add or should i change one?
do you have any idea?
please help me

rockdalinux · #2 (**permalink**) 19-09-2006, 06:57 PM

Hi,

Before adding those iptables rules add following two command:

Code:

modprobe ip_conntrack
modprobe ip_conntrack_ftp

Next load the iptables rules and try out ftp. It should work now. Let me know if you need more help.

hammooda · #3 (**permalink**) 19-09-2006, 08:21 PM

Yes it's working now

tanx for your help!
what's these commands mean?

rockdalinux · #4 (**permalink**) 19-09-2006, 10:21 PM

FTP is a complex protocol when you use iptables (or nat via iptables) you need to use ip_conntrack_ftp. It does help or it is ftp connection tracking helper. In short if you want to use passive ftp you need to use this kernel module.

Above two modules enables connection tracking. Please read my previous tutorial for more info:

http://www.cyberciti.biz/nixcraft/vi...onnection.html

hammooda · #5 (**permalink**) 20-09-2006, 03:57 PM

ok thanx!

hammooda · #6 (**permalink**) 23-09-2006, 01:18 AM

by the way, i'm trying to set up an smtp relay to my exchange server on this machine, I tried sendmail but it's too difficult to configure

, so i think i will use postfix

do you know any site talking about such config?

nixcraft · #7 (**permalink**) 23-09-2006, 05:03 AM

Edit /etc/postfix/main.cf and add/append line

Code:

relayhost = smtp.isp.com

Restart postfix. Here are few tutorils:
http://www.postfix.org/docs.html

If you want a book try - Setup and Run a Small Office Email Server Using Postfix, Courier, Procmail, Squirrelmail, Clamav and Spamassassin, see my review:
http://www.cyberciti.biz/tips/book-l...ce-server.html

hammooda · #8 (**permalink**) 23-09-2006, 04:24 PM

thanx for the tips, but I have a permanent access to internet and a domain name, I don' t need (and i don't want) to pass by my isp's smtp,

what i want is to realy all the mail coming from my mail server to this machine (where i run postfix) and it will send it trough internet,

and vice versa, all the mail coming from internet will be rerouted to my mail server

is it possible with postfix? what can i do?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
blocking streaming	zafar466	CentOS / RHEL / Fedora	0	12-04-2008 03:37 AM
MSN and yahoo messanger blocking through IPTABLES	surmandal	Linux software	1	31-03-2007 12:04 AM
Blocking port in iptables	asim.mcp	Linux software	3	17-07-2006 10:00 PM
iptables rules for three ethernet	brijeshchougule	Linux software	2	16-06-2005 02:42 PM
Forum rules	vivek	Feedback & Site News	0	01-02-2005 11:04 AM

nixCraft

iptables rules blocking ftp

iptables rules blocking ftp

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads