Thread: iptables rules blocking ftp

  1. #1
    Junior Member

    Hi,
    I followed this article to configure my ftp server:
    http://www.cyberciti.biz/faq/iptables-open-ftp-port-21/

    With my FTP client I have this:
    --------------------------------------------------------------------------
    220-=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-
    220-You are user number 1 of 50 allowed
    220-Local time is now 10:57 and the load is 0.00. Server port: 21.
    220 You will be disconnected after 15 minutes of inactivity.
    USER toto
    331 User toto OK. Password required
    PASS ******
    230-User toto has group access to: 502
    230 OK. Current directory is /
    SYST
    215 UNIX Type: L8
    PWD
    257 "/" is your current location
    TYPE A
    200 TYPE is now ASCII
    PORT 172,19,45,229,13,67
    200 PORT command successful
    LIST
    425 Could not open data connection to port 14592: Connection timed out
    --------------------------------------------------------------------------

    Is there any rule that I have to add, or should I change one?
    Do you have any idea?
    Please help me.

  2. #2
    rockdalinux

    Hi,

    Before adding those iptables rules, add the following two commands:
    Code:
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    Next load the iptables rules and try out ftp. It should work now. Let me know if you need more help.
    Rocky Jr.
    What's wrong? I hope I am not making you uncomfortable...

    Never send a boy to do a mans job.

  3. #3
    Junior Member

    Yes, it's working now.
    Thanks for your help!
    What do these commands mean?

  4. #4
    rockdalinux

    FTP is a complex protocol; when you use iptables (or NAT via iptables) you need to use ip_conntrack_ftp. It is a helper, that is, the FTP connection tracking helper. In short, if you want to use passive FTP you need to use this kernel module.

    The above two modules enable connection tracking. Please read my previous tutorial for more info:

    http://www.cyberciti.biz/nixcraft/vi...onnection.html
    Rocky Jr.
    What's wrong? I hope I am not making you uncomfortable...

    Never send a boy to do a mans job.
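
The helper discussed in post #4 is needed because FTP negotiates the data connection's address and port inside the text of the control channel. The following added example (not from the thread; function names are hypothetical) decodes that endpoint from a `PORT` command or a `227` passive reply, going beyond the active-mode session shown in post #1:

```shell
#!/bin/sh
# Added example: decode the data-channel endpoint that FTP negotiates on the
# control channel, the fields an FTP connection-tracking helper has to read.

# decode_hostport "h1,h2,h3,h4,p1,p2" -> prints "h1.h2.h3.h4 PORT".
# Returns 1 unless the argument is six decimal fields, each in 0..255.
decode_hostport() {
    old_ifs=$IFS
    IFS=,
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for f in "$@"; do
        case $f in
            ''|*[!0-9]*|0?*) return 1 ;;   # empty, non-digit, leading zero
        esac
        [ "${#f}" -le 3 ] && [ "$f" -le 255 ] || return 1
    done
    # The port is sent as two bytes: high byte first, then low byte.
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# data_endpoint LINE -> prints "MODE IP PORT" for a PORT command (active) or
# a 227 reply (passive); returns 1 for any other control-channel line.
data_endpoint() {
    line=$(printf '%s' "$1" | tr -d '\r')
    case $line in
        "PORT "*)
            mode=active
            arg=${line#PORT } ;;
        "227 "*"("*")"*)
            mode=passive
            arg=${line#*\(}
            arg=${arg%%\)*} ;;
        *) return 1 ;;
    esac
    ep=$(decode_hostport "$arg") || return 1
    echo "$mode $ep"
}

# Sample input: the PORT line from post #1, a constructed 227 reply
# (documentation address 192.0.2.10), and a command with no endpoint.
for l in "PORT 172,19,45,229,13,67" \
         "227 Entering Passive Mode (192,0,2,10,195,80)" \
         "LIST"; do
    data_endpoint "$l" || echo "no endpoint: $l"
done
```

For the `PORT` line in the session from post #1 this prints `active 172.19.45.229 3395`; the 425 reply in that session names port 14592.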

  5. #5
    Junior Member

    OK, thanks!

  6. #6
    Junior Member

    By the way, I'm trying to set up an SMTP relay to my Exchange server on this machine. I tried sendmail but it's too difficult to configure, so I think I will use Postfix.

    Do you know any site talking about such a config?

  7. #7
    nixcraft

    Edit /etc/postfix/main.cf and add/append the line:

    Code:
    relayhost = smtp.isp.com
    Restart Postfix. Here are a few tutorials:
    http://www.postfix.org/docs.html

    If you want a book try - Setup and Run a Small Office Email Server Using Postfix, Courier, Procmail, Squirrelmail, Clamav and Spamassassin, see my review:
    http://www.cyberciti.biz/tips/book-l...ce-server.html


  8. #8
    Junior Member

    Thanks for the tips, but I have permanent access to the internet and a domain name, so I don't need (and I don't want) to pass through my ISP's SMTP.

    What I want is to relay all the mail coming from my mail server to this machine (where I run Postfix), and it will send it through the internet,

    and vice versa: all the mail coming from the internet will be rerouted to my mail server.

    Is it possible with Postfix? What can I do?
