[Firewall] Passive FTP Help Please

Lonnie Abelbeck lists at lonnie.abelbeck.com
Sun Jul 17 04:33:10 CEST 2011


Stephan,

I looked at my test box, with the following AIF rule:
--
HOST_OPEN_TCP="0/0~21"
-- (or)
OPEN_TCP="21"
--
FTP via FF 5.0.1 works, as well as from the shell, accessing a local FTP server on the AIF box.  This basically generates your INPUT rule. Your OUTPUT rule is not necessary since by default almost any OUTPUT is allowed.

Lonnie


On Jul 16, 2011, at 8:21 PM, Wolfgang Farquar: aka, BugEye wrote:

> Hi All,
> 
> I'm having a little trouble getting FF 5.0 and Opera to deal with passive (from a shell I connect fine) ftp and I'd like help writing these as custom rules in a format Arno's can understand. I'd also like to know whether it's practical or defeats any of the standard rules. Arno's is unmodified with no plugins loaded:
> 
> $ iptables -A INPUT -p tcp --dport 21 -j ACCEPT
> 
> $ iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
> 
> I'm running a simple Westell 6100, the latest 2.0.0b fw and the latest Slack.. nf_nat_ftp and nf_conntrack_ftp are both loaded. Everybody works with the fw down. Please advise - TIA.
> 
> 
> Stephan
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
> 
> 
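
A check for the pieces a passive-FTP server behind iptables needs, added here as an illustration and not part of the original thread or of AIF: it reads an `iptables-save`-style dump and an `lsmod`-style listing and reports what is missing. The function name, the sample rules (a plain INPUT chain, not AIF's generated chains) and the module listing are constructed assumptions.

```shell
#!/bin/sh
# Added example. Works on text dumps passed as arguments, not on the live host.
# It only looks for ACCEPT rules; it does not evaluate rule order or DROP rules.

# Constructed sample: only the two rules from the question, in iptables-save form.
RULES_PORT_ONLY='-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT'

# Constructed sample: same rules plus a stateful accept for related traffic.
RULES_WITH_RELATED="-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$RULES_PORT_ONLY"

# Constructed sample: lsmod-style listing with both FTP helpers loaded.
MODULES='nf_nat_ftp 1234 0
nf_conntrack_ftp 5678 1 nf_nat_ftp'

# check_passive_ftp RULES_TEXT MODULES_TEXT
# Prints one "missing: ..." line per gap; returns 0 when nothing is missing.
check_passive_ftp() {
    rules=$1; modules=$2; rc=0

    # Control channel: the client opens tcp/21 on the server.
    printf '%s\n' "$rules" \
        | grep -Eq -- '^-A INPUT .*-p tcp .*--dport 21 .*-j ACCEPT' \
        || { echo "missing: INPUT accept for tcp/21 (control channel)"; rc=1; }

    # Data channel: in passive mode the client opens a second connection to a
    # high port the server announced. nf_conntrack_ftp marks it RELATED, so
    # INPUT must accept RELATED packets; a rule for port 20 does not cover it.
    printf '%s\n' "$rules" | grep -E -- '^-A INPUT .*-j ACCEPT$' \
        | grep -Eq -- '--(ct)?state [A-Z,]*RELATED' \
        || { echo "missing: INPUT accept for RELATED packets (passive data channel)"; rc=1; }

    # Without the helper nothing gets marked RELATED in the first place.
    printf '%s\n' "$modules" | grep -Eq '^nf_conntrack_ftp[[:space:]]' \
        || { echo "missing: nf_conntrack_ftp helper module"; rc=1; }

    return $rc
}

echo "port-21 rule only:"
check_passive_ftp "$RULES_PORT_ONLY" "$MODULES" || echo "-> passive data connections are not covered"
echo "with RELATED,ESTABLISHED accept:"
check_passive_ftp "$RULES_WITH_RELATED" "$MODULES" && echo "-> nothing missing"
```

On a real host the two arguments would come from `iptables-save` and `lsmod`; with AIF the matching rules may sit in chains that INPUT jumps to, so the patterns would need adjusting.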


