iptables rules blocking ftp

**hammooda** · 19th September 2006, 04:40 PM

Hi,
I followed this article to configure my ftp server:
http://www.cyberciti.biz/faq/iptables-open-ftp-port-21/

with my ftp client i have this:
--------------------------------------------------------------------------
220-=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-
220-You are user number 1 of 50 allowed
220-Local time is now 10:57 and the load is 0.00. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.

USER toto

331 User toto OK. Password required

PASS ******

230-User toto has group access to: 502
230 OK. Current directory is /

SYST

215 UNIX Type: L8

PWD

257 "/" is your current location

TYPE A

200 TYPE is now ASCII

PORT 172,19,45,229,13,67

200 PORT command successful

LIST

425 Could not open data connection to port 14592: Connection timed out
-------------------------------------------------------------------

is there any rule that i have to add or should i change one?
do you have any idea?
please help me

**rockdalinux** · 19th September 2006, 06:57 PM

Hi,

Before adding those iptables rules add following two command:

Code:

modprobe ip_conntrack
modprobe ip_conntrack_ftp

Next load the iptables rules and try out ftp. It should work now. Let me know if you need more help.

**hammooda** · 19th September 2006, 08:21 PM

Yes it's working now

tanx for your help!
what's these commands mean?

**rockdalinux** · 19th September 2006, 10:21 PM

FTP is a complex protocol when you use iptables (or nat via iptables) you need to use ip_conntrack_ftp. It does help or it is ftp connection tracking helper. In short if you want to use passive ftp you need to use this kernel module.

Above two modules enables connection tracking. Please read my previous tutorial for more info:

http://www.cyberciti.biz/nixcraft/vi...onnection.html

**hammooda** · 20th September 2006, 03:57 PM

ok thanx!

**hammooda** · 23rd September 2006, 01:18 AM

by the way, i'm trying to set up an smtp relay to my exchange server on this machine, I tried sendmail but it's too difficult to configure

, so i think i will use postfix

do you know any site talking about such config?

**nixcraft** · 23rd September 2006, 05:03 AM

Edit /etc/postfix/main.cf and add/append line

Code:

relayhost = smtp.isp.com

Restart postfix. Here are few tutorils:
http://www.postfix.org/docs.html

If you want a book try - Setup and Run a Small Office Email Server Using Postfix, Courier, Procmail, Squirrelmail, Clamav and Spamassassin, see my review:
http://www.cyberciti.biz/tips/book-l...ce-server.html

**hammooda** · 23rd September 2006, 04:24 PM

thanx for the tips, but I have a permanent access to internet and a domain name, I don' t need (and i don't want) to pass by my isp's smtp,

what i want is to realy all the mail coming from my mail server to this machine (where i run postfix) and it will send it trough internet,

and vice versa, all the mail coming from internet will be rerouted to my mail server

is it possible with postfix? what can i do?

Thread: iptables rules blocking ftp

Thread Tools

Display

iptables rules blocking ftp

Thread Information

Users Browsing this Thread

Similar Threads

blocking streaming

MSN and yahoo messanger blocking through IPTABLES

Blocking port in iptables

iptables rules for three ethernet

Forum rules

Posting Permissions