From: Boryan Yotov <yotov@prosyst.com>
To: netfilter@lists.netfilter.org
Subject: Re: Ftp (pass mode ) and Iptables
Date: Fri, 06 Jan 2006 10:37:09 +0100
Message-ID: <43BE3A45.1060802@prosyst.com>
In-Reply-To: <d27cd2010601052230r6453298aq@mail.gmail.com>

ludi wrote:
> I'm sorry. I lost the rules of ftp I insert when I setup the proftp.
> iptables -A INPUT 1 -p tcp -s 0/0 -d $HOME_ADDR --dport 8888 -j ACCEPT
> ;)
>
> I can connect the ftp if I disabled the iptables. Otherwise, it would
> timeout when cuteftp made a list.
> I enforced to use the PORT command, and it worked well.
> I think the command channel established, however, the require was
> filtered when the cuteftp make a data connection. So I want to know
> whether the iptables can resolve the problem?

What has tcp port 8888 to do with FTP? Or you changed the FTP server
settings to bind itself on port 8888? Correct?

The ipt_conntrack_ftp module is listening for PORT and PASV on the
command channel running on port 21. If you bind your FTP server to
another port then you need to correct the include file of the module
as well:

From include/linux/netfilter_ipv4/ip_conntrack_ftp.h:

    #define FTP_PORT 21

change to

    #define FTP_PORT 8888

And then recompile the module.

I'm not sure and had no time to look if the module itself accepts
parameters. If it's true then you don't have to compile anything,
simply find out the ipt_conntrack_ftp insmod options.
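
The behaviour discussed in this message, as an added example that is not part of the original post or of the netfilter code: a small Python model of an FTP connection-tracking helper that reads PORT commands and 227 (PASV) replies only on control connections to its configured ports, and marks the announced data connection as RELATED. The names `FtpHelperModel`, `helper_ports`, `parse_endpoint` and `demo` are hypothetical, and the sample reply and addresses are constructed.

```python
import re

# A 227 reply (passive mode) and a PORT command both carry h1,h2,h3,h4,p1,p2.
_PASV = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
_PORT = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)


def parse_endpoint(line):
    """Return (ip, port) announced by a PASV reply or PORT command, else None."""
    m = _PASV.match(line) or _PORT.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: ignore rather than guess
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class FtpHelperModel:
    """Toy model of a conntrack FTP helper (assumption: simplified logic).
    It only inspects control connections whose server port is in helper_ports."""

    def __init__(self, helper_ports=(21,)):
        self.helper_ports = set(helper_ports)
        self.expected = set()  # (ip, port) pairs of announced data channels

    def control_line(self, server_port, line):
        if server_port not in self.helper_ports:
            return  # the helper never looks at this connection
        endpoint = parse_endpoint(line)
        if endpoint:
            self.expected.add(endpoint)

    def classify_new(self, dst_ip, dst_port):
        """State a new TCP connection gets: RELATED if announced, else NEW."""
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))  # one-shot expectation
            return "RELATED"
        return "NEW"


# Constructed sample: an FTP server on control port 8888 answers PASV.
REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"


def demo(helper_ports):
    helper = FtpHelperModel(helper_ports)
    helper.control_line(8888, REPLY)
    return helper.classify_new("192.0.2.10", 195 * 256 + 80)


if __name__ == "__main__":
    print("helper on 21 only :", demo((21,)))
    print("helper on 21,8888 :", demo((21, 8888)))
```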