From: Sven Riedel <sr@gimp.org>
To: netfilter@lists.netfilter.org
Subject: trouble setting up ftp server
Date: Mon, 21 Jul 2003 10:18:59 +0200
Message-ID: <20030721081859.GA29576@localnet>
Hi,
I'm having trouble setting up an ftp server, wrt passive mode and the
data channel.
My relevant ruleset looks like this (from iptables -v -L <chain>):
INPUT (Policy: DROP):
  70896 72M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
  0 0 ACCEPT tcp -- any any anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 state ESTABLISHED
  3 170 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ftp state NEW
  0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ftp-data state NEW
OUTPUT (Policy: DROP):
  74312 69M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
  0 0 ACCEPT tcp -- any any anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 state RELATED,ESTABLISHED
  0 0 ACCEPT tcp -- any any anywhere anywhere tcp spt:ftp-data
  0 0 ACCEPT tcp -- any any anywhere anywhere tcp spt:ftp
The data connections get filtered out in the Input chain, log entries
look like this:
Jul 21 09:52:59 turing kernel: Dropped from input IN=ppp0 OUT= MAC=
SRC=128.32.112.247 DST=82.82.155.165 LEN=60 TOS=0x00 PREC=0x00 TTL=48
ID=59818 DF PROTO=TCP SPT=2577 DPT=34510 WINDOW=32767 RES=0x00 SYN URGP=0
Linux kernel 2.4.21, ip-conntrack-ftp module is loaded,
iptables version 1.2.8.
I didn't find anything new or useful in online recipes, nor do I see
anything obviously wrong (to me that is, I do get stricken by selective
blindness from time to time though ;) ). Anyone have any ideas?
Regs,
Sven
--
Sven Riedel sr@gimp.org
Liebigstr. 38
30163 Hannover "Python is merely Perl for those who
prefer Pascal to C" (anon)