Hi all,

With SELinux in permissive mode and iptables running, I'm unable to
retrieve directory listings with ftp.

stop iptables, and all appears again.  This seems to be unrelated to
passive/port modes for ftp client.

If this is off topic, please let me know offlist and I'll take my
question elsewhere.  Otherwise I'll repost with output of

# iptables status

TIA,
~Ray

On Thu, 2007-09-20 at 14:55 -0400, Ray Leventhal wrote:
> Hi all,
>
> With SELinux in permissive mode and iptables running, I'm unable to
> retrieve directory listings with ftp.
>
> stop iptables, and all appears again.  This seems to be unrelated to
> passive/port modes for ftp client.

Depending how you configured your iptables rules, you'll probably anyway
need the ip_conntrack_ftp iptables module.
You can modprobe it, or even better, declare it
in /etc/sysconfig/iptables-config ...

-- 
Fabian Arrotin <fabian.arrotin at arrfab.net>
Solution ?
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq' | dc

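Why the module named in Fabian's reply matters, as an added example that is not part of the original thread: a toy Python model (not netfilter code) of a stateful filter that accepts new connections to port 21 and RELATED flows only, replaying a passive-mode listing with and without a helper that reads the control channel. The ruleset shape, the class and function names, and the 192.0.2.x addresses and ports are constructed assumptions; the h1,h2,h3,h4,p1,p2 encoding is the standard FTP one.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried in both "PORT ..." commands and "227 ..." replies
ADDR_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_data_endpoint(control_line):
    """Return the (ip, port) announced on the FTP control channel, or None."""
    if not control_line.startswith(("227 ", "PORT ")):
        return None
    m = ADDR_RE.search(control_line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class ToyStatefulFilter:
    """Accept NEW tcp/21 plus RELATED flows; drop every other new connection."""

    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper
        self.expected = set()  # data endpoints learned by the helper

    def see_control_line(self, line):
        # Only a helper inspects control-channel payload; plain rules never do.
        endpoint = parse_data_endpoint(line) if self.ftp_helper else None
        if endpoint:
            self.expected.add(endpoint)

    def new_connection(self, dst_ip, dst_port):
        flow = (dst_ip, dst_port)
        if dst_port == 21 or flow in self.expected:  # NEW to 21, or RELATED
            self.expected.discard(flow)  # an expectation is used once
            return "ACCEPT"
        return "DROP"


def list_directory(fw, server="192.0.2.10"):
    """Replay a constructed passive-mode LIST; return (control, data) verdicts."""
    control = fw.new_connection(server, 21)
    reply = "227 Entering Passive Mode (192,0,2,10,195,80)"  # constructed sample
    fw.see_control_line(reply)
    data = fw.new_connection(*parse_data_endpoint(reply))
    return control, data
```

Without the helper the login on port 21 is accepted but the data connection carrying the listing is dropped, which matches the symptom in the original question.
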
Fabian Arrotin wrote:
> On Thu, 2007-09-20 at 14:55 -0400, Ray Leventhal wrote:
>
>> Hi all,
>>
>> With SELinux in permissive mode and iptables running, I'm unable to
>> retrieve directory listings with ftp.
>>
>> stop iptables, and all appears again.  This seems to be unrelated to
>> passive/port modes for ftp client.
>>
>
> Depending how you configured your iptables rules, you'll probably anyway
> need the ip_conntrack_ftp iptables module.
> You can modprobe it, or even better, declare it
> in /etc/sysconfig/iptables-config ...
>

Thanks, Fabian.  I'll have at the iptables-config

~Ray

Dear Salam,

Try to add the following entries in the table.

/sbin/iptables -A INPUT -p tcp --dport 20 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 20 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

Then use the iptables -L command to show the entries.

Regards,

Umair Shakil
ETD

On 9/20/07, Ray Leventhal <centos at swhi.net> wrote:
>
> Hi all,
>
> With SELinux in permissive mode and iptables running, I'm unable to
> retrieve directory listings with ftp.
>
> stop iptables, and all appears again.  This seems to be unrelated to
> passive/port modes for ftp client.
>
> If this is off topic, please let me know offlist and I'll take my
> question elsewhere.  Otherwise I'll repost with output of
>
> # iptables status
>
> TIA,
> ~Ray