Re: I really need to FTP Between my RH9 and Fedora 2 boxes.

From: Ivan Marsh (annoyed_at_you.now)
Date: 11/22/04


Date: Mon, 22 Nov 2004 11:12:39 -0600

On Sat, 20 Nov 2004 16:36:06 +0000, Mark Healey wrote:

> On Mon, 15 Nov 2004 19:57:40 UTC, "Ivan Marsh" <annoyed@you.now> wrote:
>
>> On Sat, 13 Nov 2004 05:09:49 +0000, Mark Healey wrote:
>>
>> > I'm reposting the original message hoping to get a response this time.
>> >
>> > All I want to do is ftp between a RH9 machine (the server) and a
>> > Fedora 2 machine (the client).
>> >
>> > I'm pretty sure it is a firewall problem with the client machine and
>> > the way ftp uses random port numbers.
>>
>> Have you tried confirming that by turning off the firewall?
>
> I turn it off on the Fedora (client) box and it works in active mode but
> not passive?

Do you need it to work in passive mode?

Adjust as needed:

INTERNET="eth0"
UNPRIVPORTS="1024:65535"
# Note: a /16 is far wider than a class C; narrow this to your actual LAN (e.g. /24).
CLASS_C="192.168.0.0/16"

################################################################################
# FTP TRAFFIC
################################################################################
echo 'Allowing outgoing FTP requests.'

# Outgoing control connection to port 21
iptables -A OUTPUT -o $INTERNET -p tcp --sport $UNPRIVPORTS --dport 21 -j ACCEPT
iptables -A INPUT -i $INTERNET -p tcp ! --syn --sport 21 --dport $UNPRIVPORTS -j ACCEPT

# Incoming port mode data channel connection from port 20
iptables -A INPUT -i $INTERNET -p tcp --sport 20 --dport $UNPRIVPORTS -j ACCEPT
iptables -A OUTPUT -o $INTERNET -p tcp ! --syn --sport $UNPRIVPORTS --dport 20 -j ACCEPT

# Outgoing passive mode data channel connection between unprivileged ports
iptables -A OUTPUT -o $INTERNET -p tcp --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
iptables -A INPUT -i $INTERNET -p tcp ! --syn --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT

echo 'Allowing incoming FTP requests.'

# Incoming control connection to port 21
iptables -A INPUT -i $INTERNET -p tcp -s $CLASS_C --sport $UNPRIVPORTS --dport 21 -j ACCEPT
iptables -A OUTPUT -o $INTERNET -p tcp ! --syn --sport 21 -d $CLASS_C --dport $UNPRIVPORTS -j ACCEPT

# Outgoing port mode data channel connection to port 20
iptables -A OUTPUT -o $INTERNET -p tcp --sport 20 -d $CLASS_C --dport $UNPRIVPORTS -j ACCEPT
iptables -A INPUT -i $INTERNET -p tcp ! --syn -s $CLASS_C --sport $UNPRIVPORTS --dport 20 -j ACCEPT

# Incoming passive mode data channel connection between unprivileged ports
iptables -A INPUT -i $INTERNET -p tcp -s $CLASS_C --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
iptables -A OUTPUT -o $INTERNET -p tcp ! --syn --sport $UNPRIVPORTS -d $CLASS_C --dport $UNPRIVPORTS -j ACCEPT

-- 
"No oppression is so heavy or lasting as that which is inflicted by
                 the perversion and exorbitance of legal authority."
i.m.