Re: Question on Internet access of vsftp server
From: Bob Smith (slyders_at_ix.netcom.com)
Date: 12/18/03
To: redhat-list@redhat.com
Date: Thu, 18 Dec 2003 00:15:43 -0700
Thanks Pete,
I've read most of this, but still have some questions. I tried setting
the passive ports above 1024, and that didn't help. The problem lies in
the actual attempt to connect. I'm issuing the FTP command, and I'm
getting the following time out error:
> ftp: connect :Connection timed out
The iptables rules for ports 20 and 21 are the same syntax as those that
open ssh and smtp, among others, but they don't seem to be allowing a
connection from the outside world.
Thanks for your time!
-Bob
Pete Nesbitt wrote:
>On December 17, 2003 09:05 pm, Bob Smith wrote:
>
>
>>Hi. I'm running Red Hat 9 on an internet facing server, and have
>>chosen vsftp as the FTP server. The system is firewalled using
>>IP tables, and has ports open for FTP service (20 and 21).
>>
>>Currently I can access the FTP server on the box, but not from the
>>Internet. I had the same configuration when I was building the local
>>box on the network and was able to FTP from other machines on my
>>local network.
>>
>>Does anyone have any suggestions on how to make vsftp accessible
>>via the Internet? So far my other firewall openings are working for
>>the servers they represent, it's just this one.
>>
>>Any help would be appreciated.
>>
>>Thanks,
>>
>>-Bob Smith
>>
>>
>
>Hi Bob,
>If you are only opening 20 & 21 then you need to be using active (not passive)
>ftp. Generally passive is preferred as it uses somewhat random ports to
>listen on for the data channel. The problem is that you must open a number of
>ports thru the firewall. Have a look in iptables (netfilter) for an ftp module
>to use with passive ftp (I think you use the match arg to allow 'related').
>From inside your network you are probably using relaxed rules so your
>machines can access the server via passive ftp.
>
>active vs passive ftp:
>http://slacksite.com/other/ftp.html
>
>iptables/netfilter:
>http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
>
>hope that helps.
>
>
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
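
Added example, not part of the original thread: the active/passive distinction discussed above, shown as Python that reads the control-channel line announcing a data connection (the kind of parsing an FTP connection-tracking helper depends on) and checks it against a firewall that only opens fixed inbound ports. The function names are hypothetical, the sample lines are constructed, and outbound traffic from the server is assumed to be unfiltered.

```python
import re

# Six comma-separated byte values h1,h2,h3,h4,p1,p2, as carried by both the
# PORT command (active mode) and the 227 reply to PASV (passive mode).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(line):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The port is sent as two bytes: high byte first, then low byte.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_connection(line):
    """Describe the data connection a control-channel line announces.

    Returns (direction, ip, port) as seen from the server: 'inbound' means
    the client connects to the server (passive), 'outbound' means the server
    connects to the client from port 20 (active). Other lines return None.
    """
    hostport = parse_hostport(line)
    if hostport is None:
        return None
    if line.startswith("227"):
        return ("inbound",) + hostport
    if line.upper().startswith("PORT"):
        return ("outbound",) + hostport
    return None


def allowed_by_static_rules(conn, open_inbound_ports):
    """Would a firewall with only fixed inbound openings pass this connection?"""
    direction, _ip, port = conn
    if direction == "outbound":
        return True  # assumption: the server's outbound traffic is not filtered
    return port in open_inbound_ports


# Constructed sample lines (documentation addresses, not from the thread).
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,149)"
PORT_CMD = "PORT 198,51,100,7,4,1"
```

With only ports 20 and 21 open, the passive data connection in the sample is refused while the active one is not; opening the server's configured passive range, or letting the firewall accept connections related to the tracked control channel, changes the first result.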