```
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
```

Also, by default, ip_conntrack_netbios_n module is getting loaded.

```
Loading additional iptables modules: ip_conntrack_netbios_n
```

But the problem is not with that module, as I tried unloading it and still no luck.

If I disable iptables, I am able to transfer my backup from another machine to FTP. If iptables is enforcing, then transfer failed.

Your ftp server needs a channel to transfer data. Port 21 is used to establish the connection. So to make data transfer possible you'd need to enable port 20 as well. See the following configuration.

First load the following module to make sure passive ftp connections are not rejected:

```
modprobe ip_conntrack_ftp
```

Allow FTP connections on port 21 incoming and outgoing:

```
iptables -A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate ESTABLISHED,NEW -j ACCEPT -m comment --comment "Allow ftp connections on port 21"
iptables -A OUTPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT -m comment --comment "Allow ftp connections on port 21"
```

Allow FTP port 20 for active connections incoming and outgoing:

```
iptables -A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow ftp connections on port 20"
iptables -A OUTPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT -m comment --comment "Allow ftp connections on port 20"
```

Finally allow FTP passive inbound traffic:

```
iptables -A INPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT -m comment --comment "Allow passive inbound connections"
iptables -A OUTPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow passive inbound connections"
```

For more on FTP and firewall problems see:

Edit: Added NEW to the port 21 input rule.

```
iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m tcp --sport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
```
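The FTP conntrack helper loaded above can mark a data connection as RELATED because the data port is announced in clear text on the port 21 control channel. The following is an added example, not code from the original posts, that derives that port from a `PORT` command or a `227` reply as defined in RFC 959; the function name and sample lines are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT (active) and the 227 reply (passive)
_HOSTPORT = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)


def data_endpoint(control_line):
    """Return (mode, ip, port) announced on the control channel, or None.

    mode is "active" for a client PORT command (the server then connects
    from port 20 to that client port) and "passive" for a server 227 reply
    (the client then connects to that server port).
    """
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"
    elif line.startswith("227"):
        mode = "passive"
    else:
        return None  # not a data-channel announcement
    match = _HOSTPORT.search(line)
    if not match:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None  # each field is one octet; reject malformed values
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # high byte, low byte
    return mode, ip, port


# Constructed control-channel lines (not captured traffic)
SAMPLE = [
    "USER backup",
    "PORT 192,168,1,10,195,80",
    "227 Entering Passive Mode (192,168,1,20,19,137)",
    "227 Entering Passive Mode (192,168,1,20,999,1)",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(sample_line, "->", data_endpoint(sample_line))
```

Because the port changes per transfer, a static rule has to open the whole `1024:` range, whereas a RELATED match only admits the one connection that was announced.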