Re: I really need to FTP Between my RH9 and Fedora 2 boxes.
From: Mark Healey (die_at_spammer.die)
Date: 11/23/04
- Previous message: Lenard: "Re: RH 9.0, Putting Samba on Linux with RPM?"
- In reply to: Ivan Marsh: "Re: I really need to FTP Between my RH9 and Fedora 2 boxes."
- Next in thread: Ivan Marsh: "Re: I really need to FTP Between my RH9 and Fedora 2 boxes."
- Reply: Ivan Marsh: "Re: I really need to FTP Between my RH9 and Fedora 2 boxes."
Date: Tue, 23 Nov 2004 06:54:23 GMT
On Mon, 22 Nov 2004 17:12:39 UTC, "Ivan Marsh" <annoyed@you.now>
wrote:
> On Sat, 20 Nov 2004 16:36:06 +0000, Mark Healey wrote:
>
> > On Mon, 15 Nov 2004 19:57:40 UTC, "Ivan Marsh" <annoyed@you.now> wrote:
> >
> >> On Sat, 13 Nov 2004 05:09:49 +0000, Mark Healey wrote:
> >>
> >> > I'm reposting the original message hoping to get a response this time.
> >> >
> >> > All I want to do is ftp between a RH9 machine (the server) and a
> >> > Fedora 2 machine (the client).
> >> >
> >> > I'm pretty sure it is a firewall problem with the client machine and
> >> > the way ftp uses random port numbers.
> >>
> >> Have you tried confirming that by turning off the firewall?
> >
> > I turn it off on the Fedora (client) box and it works in active mode but
> > not passive?
>
> Do you need it to work in passive mode?
>
> Adjust as needed:
>
> INTERNET="eth0"
> UNPRIVPORTS="1024:65535"
> CLASS_C="192.168.0.0/16"
>
> ################################################################################
> # FTP TRAFFIC
> ################################################################################
> echo 'Allowing outgoing FTP requests.'
>
> # Outgoing control connection to port 21
> iptables -A OUTPUT -o $INTERNET -p tcp --sport $UNPRIVPORTS --dport 21 -j ACCEPT
> iptables -A INPUT -i $INTERNET -p tcp ! --syn --sport 21 --dport $UNPRIVPORTS -j ACCEPT
>
> # Incoming port mode data channel connection from port 20
> iptables -A INPUT -i $INTERNET -p tcp --sport 20 --dport $UNPRIVPORTS -j ACCEPT
> iptables -A OUTPUT -o $INTERNET -p tcp ! --syn --sport $UNPRIVPORTS --dport 20 -j ACCEPT
>
> # Outgoing passive mode data channel connection between unprivileged ports
> iptables -A OUTPUT -o $INTERNET -p tcp --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
> iptables -A INPUT -i $INTERNET -p tcp ! --syn --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
>
> echo 'Allowing incoming FTP requests.'
>
> # Incoming control connection to port 21
> iptables -A INPUT -i $INTERNET -p tcp -s $CLASS_C --sport $UNPRIVPORTS --dport 21 -j ACCEPT
> iptables -A OUTPUT -o $INTERNET -p tcp ! --syn --sport 21 -d $CLASS_C --dport $UNPRIVPORTS -j ACCEPT
>
> # Outgoing port mode data channel connection to port 20
> iptables -A OUTPUT -o $INTERNET -p tcp --sport 20 -d $CLASS_C --dport $UNPRIVPORTS -j ACCEPT
> iptables -A INPUT -i $INTERNET -p tcp ! --syn -s $CLASS_C --sport $UNPRIVPORTS --dport 20 -j ACCEPT
>
> # Incoming passive mode data channel connection between unprivileged ports
> iptables -A INPUT -i $INTERNET -p tcp -s $CLASS_C --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
> iptables -A OUTPUT -o $INTERNET -p tcp ! --syn --sport $UNPRIVPORTS -d $CLASS_C --dport $UNPRIVPORTS -j ACCEPT
I'm guessing that I add these lines to /etc/sysconfig/iptables?
Are the:
> INTERNET="eth0"
> UNPRIVPORTS="1024:65535"
> CLASS_C="192.168.0.0/16"
lines some kind of variable definitions?
-- Mark Healey marknews(at)healeyonline(dot)com
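
Added example, not part of the original thread and not either poster's code: the quoted client-side (outgoing FTP) rules rendered both as shell-script commands and as the bare rule lines that an iptables-restore file such as /etc/sysconfig/iptables expects, which shows where the variables do and do not apply. It goes one step beyond the quoted rules by pinning every rule to a single FTP server. `SERVER`, its address `192.168.0.10` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Shell variables are assigned WITHOUT a leading "$" and read WITH one.
INTERNET="eth0"
UNPRIVPORTS="1024:65535"
SERVER="192.168.0.10"   # assumption: constructed address of the RH9 FTP server

# Print the outgoing-FTP rules as iptables arguments, one rule per line.
# Unlike the quoted rules, each one is pinned to $SERVER (-d / -s), so the
# passive-mode rule no longer allows unprivileged ports to every host.
ftp_client_rules() {
    cat <<EOF
-A OUTPUT -o $INTERNET -p tcp -d $SERVER --sport $UNPRIVPORTS --dport 21 -j ACCEPT
-A INPUT -i $INTERNET -p tcp ! --syn -s $SERVER --sport 21 --dport $UNPRIVPORTS -j ACCEPT
-A INPUT -i $INTERNET -p tcp -s $SERVER --sport 20 --dport $UNPRIVPORTS -j ACCEPT
-A OUTPUT -o $INTERNET -p tcp ! --syn -d $SERVER --sport $UNPRIVPORTS --dport 20 -j ACCEPT
-A OUTPUT -o $INTERNET -p tcp -d $SERVER --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
-A INPUT -i $INTERNET -p tcp ! --syn -s $SERVER --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
EOF
}

# Form 1: lines for a shell script run as root; each line is a command.
as_script() {
    ftp_client_rules | sed 's/^/iptables /'
}

# Form 2: lines to merge into an iptables-restore file. That file is not a
# shell script: it has no variables and no "iptables" prefix, so the values
# must already be expanded, which is exactly what ftp_client_rules prints.
as_restore_lines() {
    ftp_client_rules
}

echo '# --- shell script form ---'
as_script
echo '# --- iptables-restore form ---'
as_restore_lines
```

In the restore file these lines belong in the `*filter` section before its `COMMIT` line and ahead of any final REJECT or DROP rule in the same chain, because rules are matched in order.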