Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
Puma Thailand2012-02-26 11:20:13
FTP
Puma Thailand, 2012-02-26 11:20:13

FTP not working with iptables

Firewall simple rules
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 - j ACCEPT
iptables -A INPUT -i lo -j

ACCEPT , I turn off the fireworks, everything works for everyone, I have no lag.

When passive, people crash like this
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing

When active
Response: 200 Switching to Binary mode.
Command: PORT 192,168,123,104,227,59
Response: 500 Illegal PORT command.
Error: Failed to retrieve directory listing

There are two interfaces on the server eth0 eth1
ON eth0 hangs through aliases 25 ip addresses (eth0:1, eth0:2, eth0:3, etc.)
One private ip hangs on eth1.
Everything goes through eth0.

What could be the problem?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
S
shadowalone, 2012-02-26
@shadowalone

Well, where do you have open FTP in the rules?
You also need to specify passive ports on the daemon itself, and open them on the firewall.
What demon?
> What could be the problem?
In your misunderstanding of what is happening.

Report
V
ValdikSS, 2012-02-26
@ValdikSS

You can also download nf_conntrack_ftp

Report
A
Alexey Sundukov, 2012-02-26
@alekciy

Port 21 is for management. The data goes on the X port(s). You need to find the setting responsible for this in the settings of your ftp server, set these ports there and make a hole in them in the firewall.
Usually, the ftp server, when working in passive mode, randomly assigns a port for data, informs it through the 21st client, then the client uses it, but this request is inhibited by the firewall, so nothing works.

Report
A
Alexey Sundukov, 2012-02-26
@alekciy

>And if FTP is active?
So it does not matter. When active in the LISTEN state, the socket hangs on the client, on the server it will be in SYN_SENT initially, but it will not reach ESTABLISHED, because the firewall will not allow it to do so.

Report
A
Alexey Sundukov, 2012-02-26
@alekciy

In general, I highly recommend reading UNIX: Network Application Development by Stevenson. IMHO, an ingenious work that is equally good to use both as a textbook and as a reference.

Similar questions
A
Alexey Parkhomenko2015-10-26 11:22:58
How to open access for ddns in ftpaccess? 1Reply
L
libertyswift2015-10-27 19:57:27
Plugin for Brackets eqftp does not apply changes to the document, what's the problem? 1Reply
D
donanykey2011-12-06 10:52:27
Replication of MS SQL databases via FTP? 2Reply
T
topochka2015-11-05 18:29:00
How to increase data transfer speed through FileZilla FTP client? 2Reply
A
Alexander2020-05-15 14:42:01
Why is filezilla ftp server not working? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question