I have a server that is running iptables. I'm trying to allow vsftpd in and have the following rules. I can connect to it, but when I try to do a listing it says "Entering Passive Mode" but doesn't do anything.

Any suggestions?

Thanks,
James

# define it
-N FTP_INP
-A INPUT -p tcp --syn --sport 1024: --dport 21 -m state --state NEW -j FTP_INP

# rules
-A FTP_INP -j ACCEPT

# go back
-A FTP_INP -j RETURN

-N FTP_OUT
-A OUTPUT -p tcp --sport 1024: --dport 21 -m state --state NEW -j FTP_OUT
-A FTP_OUT -j ACCEPT
-A FTP_OUT -j RETURN

On Thu, 2005-12-01 at 10:54, James Pifer wrote:
> I have a server that is running iptables. I'm trying to allow vsftpd in
> and have the following rules. I can connect to it, but when I try to do
> a listing it says "Entering Passive Mode" but doesn't do anything.
>
> Any suggestions?

This may help:
http://www.siliconvalleyccie.com/linux-hn/ftp-server.htm#_Toc92808792

On 12/1/05, James Pifer <jep at obrien-pifer.com> wrote:
> I have a server that is running iptables. I'm trying to allow vsftpd in
> and have the following rules. I can connect to it, but when I try to do
> a listing it says "Entering Passive Mode" but doesn't do anything.
>
> Any suggestions?
>
> Thanks,
> James
>
> # define it
> -N FTP_INP
> -A INPUT -p tcp --syn --sport 1024: --dport 21 -m state --state NEW -j
> FTP_INP
>
> # rules
> -A FTP_INP -j ACCEPT
>
> # go back
> -A FTP_INP -j RETURN
>
> -N FTP_OUT
> -A OUTPUT -p tcp --sport 1024: --dport 21 -m state --state NEW -j
> FTP_OUT
> -A FTP_OUT -j ACCEPT
> -A FTP_OUT -j RETURN

A few things for you to investigate:

In your vsftpd.conf file
pasv_max_port
pasv_min_port

In your /etc/sysconfig/iptables-config
conntrack (connection tracking)

Basically, FTP doesn't stay on port 21. These few things will let you get it under control and slap it around.

--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center
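
Added example, not part of the thread and not any poster's own configuration: a small script that prints matching vsftpd.conf and iptables fragments for the settings named in the last reply, so the passive data ports vsftpd hands out are the same ones the firewall admits. The port range 50000-50100, the function names, and the conntrack helper module name `ip_conntrack_ftp` (`nf_conntrack_ftp` on later kernels) are assumptions.

```shell
#!/bin/sh
# Added example: emit matching vsftpd.conf and iptables fragments for a
# passive-mode FTP server. Port range and function names are assumptions.
#
# Assumed helper setting for /etc/sysconfig/iptables-config
# (nf_conntrack_ftp on later kernels):
#   IPTABLES_MODULES="ip_conntrack_ftp"

# valid_range MIN MAX: succeed only for an ordered, unprivileged port range.
valid_range() {
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ]
}

# vsftpd_fragment MIN MAX: pin vsftpd's passive data ports to MIN..MAX.
vsftpd_fragment() {
    valid_range "$1" "$2" || return 1
    printf 'pasv_enable=YES\npasv_min_port=%s\npasv_max_port=%s\n' "$1" "$2"
}

# iptables_fragment MIN MAX: filter-table rules in the same format as the
# rules posted in the thread (/etc/sysconfig/iptables style).
iptables_fragment() {
    valid_range "$1" "$2" || return 1
    cat <<EOF
# Control channel: new connections to port 21
-A INPUT -p tcp --syn --dport 21 -m state --state NEW -j ACCEPT
# Passive data channel: only the range vsftpd is pinned to. This rule
# also works when the FTP conntrack helper is not loaded.
-A INPUT -p tcp --syn --dport $1:$2 -m state --state NEW -j ACCEPT
# Packets of tracked connections; with the helper loaded, the data
# connection announced on port 21 is matched here as RELATED.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample range; override with PASV_MIN / PASV_MAX.
PASV_MIN=${PASV_MIN:-50000}
PASV_MAX=${PASV_MAX:-50100}
echo "# --- vsftpd.conf ---"
vsftpd_fragment "$PASV_MIN" "$PASV_MAX"
echo "# --- /etc/sysconfig/iptables (filter table) ---"
iptables_fragment "$PASV_MIN" "$PASV_MAX"
```

Keep the range narrow: every port in it accepts new inbound TCP connections whenever the explicit range rule is in place.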