If I stop the IPTables service my FTP server works as expected. However, when enabled I am unable to connect (before authentication occurs).
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:rndc
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere localhost tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- localhost anywhere tcp dpt:sunrpc
ACCEPT tcp -- localhost anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp flags:ACK/ACK
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere helper match "ftp"
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
From serverfault
Chris
-
You have a REJECT ALL, and AFTER it the accept for the ftp connection. Change your order!
Sirex: +1. The order will be causing this. Also, you have a default policy of accept, and a bunch of accepting rules. You'll likely want iptables -P INPUT DROP, and then allow all expected traffic.
From Dom
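An added example, not part of the original question or answers: a shell check that reads `iptables -S` output and flags rules appended after an unconditional REJECT or DROP in the same chain, which is the ordering problem identified above. The sample ruleset is constructed to mirror the order of the listing in the question, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag rules that can never match because an earlier rule in
# the same chain rejects or drops every packet unconditionally.
# Input: `iptables -S` output (one "-A CHAIN ..." rule per line).

shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        if (chain in blocker) {
            # An unconditional REJECT/DROP was already seen in this chain,
            # so this rule is never evaluated.
            print "UNREACHABLE " $0
            next
        }
        # A rule is unconditional when "-j TARGET" directly follows the chain
        # name, i.e. no match options (-p, -s, -i, -m ...) come before it.
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
            blocker[chain] = $0
    }'
}

# Constructed sample in `iptables -S` form, same rule order as the question.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m helper --helper ftp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
EOF
}

sample_rules | shadowed_rules
```

On a live host the same check is `iptables -S | shadowed_rules`. A flagged rule only takes effect once it sits ahead of the blocking rule, for example by deleting it and re-adding it with `iptables -I INPUT <position> ...`.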