similar to: DNAT rule for vsftp (PASSIVE FTP)

Hi all, I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as passive ftp. the theroy behind passive ftp is , - FTP server's port 21 from anywhere ( Client initiates connection) - FTP server's port 21 to ports > 1024 (Server responds to client's control port) - FTP server's ports > 1024 from anywhere (Client initiates data connection to

-------- Original Message -------- Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP) Date: Fri, 05 Oct 2007 12:17:42 +0530 From: Mohan Sundaram <smohan@vsnl.com> Reply-To: smohan@vsnl.com To: Indunil Jayasooriya <indunil75@gmail.com> References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com> Indunil Jayasooriya wrote: > Hi all, > > I want to run

Hi, I want to setup a ftp Server on CentOS 4.4. I will have to choose which ftp is IDLE among 3 ftp pkgs that are vsftp,wuftp or proftp? What do you recommend? -- Thank you Indunil Jayasooriya -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070313/453527c8/attachment.html>

Hi, I want to setup vsftp on centos 4.5. 2 types of ftp. they are active and pasive. What is the default type ftp type o CentOS ? Is is PASIVE ftp? in /etc/vsftpd/vsftpd.conf, I found below line. What should I do for below line? # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES Should I COMMENT it out? I need a very secure ftp service. YOUR

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address - 1.2.3.4/29) to the internet ip

Grant Taylor wrote: > I''ll have to double check some things to make sure that you don''t need > to do any thing special other than just allow the initial connection and > rely on the FTP connection tracking helper to handle all other connections. > > I''ve never run an FTP server behind a NAT, but I''ve never had a problem > with the FTP

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall (i.e - its ip address - 1.2.3.4/29) to the internet ip

Hi, We have a 256 kbits/s (kilobits per second) link to the internet. it is a router running Linux that belongs to our ISP. They have given us 8 internet ips. (i.e- subnet is 255.255.255.248). one has been given to this router. I have given another internet ip to the firewall running CentOS 4.5. iptables is running on it. And also, I have installed iproute2 pkg as well. pls see below for

Hi, I am running a ASTERISK BOX behind a firewall. It is at DMZ . Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT. How can I do it? Pls assume that ip address that connects to Internet on firewall is 1.2.3.4and is attached to eth0. And ASTERISK BOX is 192.168.101.23 Then, What is the rule (PREROUTING) for it? What is the port to DNAT? I think udp 5060. So I have

I've been struggling with my firewall and getting vsftp to work in passive mode. It seems that everything on this hosting server works just fine without the eth0 entry in my iptables except for vsftp in passive. Am I opening up too much by adding the eth0 line? -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT

Hi all! I am a long time lurker, but have not posted until now. My old trusted firewall machine broke a couple of weeks ago and I replaced it with a XEN domU that is using DNAT and has two interfaces. The firewall domU and the FTP server domU are both guests on the same dom0. All three machines are running Debian/etch (stable) and Shorewall has version 3.2.6. I can''t get FTP to work

HI , I setup vsftp yesterday as a local user only mode. No anonymous was enabled. I set up this vsftpd on my machine running CentOS 4.4. its ip is 192.168.101.25. so when I login as ftp://192.168.101.25/ via web browser, I am promted the username as password. After inputing username and password, I can login successfully. Then I can download everything as usual. But I can not upload any data ?

Hello, I''m observing a weird bug with ip_nat_ftp in a somewhat more complicated constellation. It''s possible that XEN is also involved in this, but I''m not sure. What I''m trying to do is have XEN guest domains on a host, connected via a bridge into a private network. The the privileged domain attaches to this private network and acts as a NAT router to connect

Hi, I know these are a few iptbales questions. NOT CentOS, anyway, I am running a firewall on centos 5.x. If you can response, it would be fine. I want to add a SNAT rule for one user in LAN to access one particular destination on the internet. Let's say www.centos.org I added the below rule. But . it does NOT work Pls assume 1.2.3.4 is the real ip of the firewall. ip address

Hi all, I''ve got a BOX running CentOS 4.5. It acts as a firewall + router. I have installed both iptables and iproute2. I has 3 network cards. eth0 is connected to Internet (is has an internet ip. pls assume its ip is 1.2.3.4/29). it is a 256 Kbit link. eth1 is DMZ. its ip is 192.168.100.254 eth2 is LAN. Its ip is 192.168.101.254 I have alreday shaped traffic to 64 Kbit on eth1 for

I am moving from a server from running Red Hat 7.2 (with ProFTP) to Centos 3 (with vsFTP). There is a setting in ProFTP that lets me set the default ftp login directory for a specific user and I would like to do the same with vsFTP. The reason being is I have a 'webadmin' user that I use for uploading web content. I am thinking I could make the home directory of the webadmin /var/www in

Dear all, Dear support and users: Sorry to trouble you! I configure the shorewall firewall to forward ftp and ssh port to another server, but failed. Can you help me check? I cannot login both SSH 2222 and ftp! Below is my environment: (attachment is shorewall dump) 1. Gateway (FC6) 1.1) eth0: lan static IP: 192.168.1.20 1.2) eth1: external public static IP:

Hi All, I want to put a ASTERISK BOX bend a Firewall. So I have given below rules. iptables -A FORWARD -p udp -d 192.168.101.30 -m multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT iptables -A FORWARD -p udp -d 192.168.101.30 --dport 10000:20000 -m state --state NEW -j ACCEPT iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 -m multiport --dports 3478,4569,5060 -j DNAT

Hi guys, Just a quick question, I've been slowly moving all my user services to mysql backend, I realise it's probably not as good a choice as LDAP, but you tend to stick with what you know. To that end I want to setup both Apache and VSFTP to use mysql db for virtual users. Basically I want to create virtual users that are locked into their own home dir and have apache use mysql to

Hi , I am ruuning Senmail with MailScanner on CentOS 4.4. It has updated to kernel 2.6.9-42.0.8.EL from its past kernel 2.6.9-42.0.3.EL. Now the Server can not boot up and gives the below error. mkrootdev: label / not found Mounting root filesystem mount: error 2 mouting ext3 switchroot: mount failed: 22 Kernel panic - not syncing: Attempted to kill init! But I can boot up from its