Re: I really need to FTP Between my RH9 and Fedora 2 boxes.

From: Ivan Marsh (annoyed_at_you.now)
Date: 11/23/04

    Date: Tue, 23 Nov 2004 11:49:29 -0600
    
    

    On Tue, 23 Nov 2004 06:54:23 +0000, Mark Healey wrote:

    > On Mon, 22 Nov 2004 17:12:39 UTC, "Ivan Marsh" <annoyed@you.now> wrote:
    >> On Sat, 20 Nov 2004 16:36:06 +0000, Mark Healey wrote:
    >> > On Mon, 15 Nov 2004 19:57:40 UTC, "Ivan Marsh" <annoyed@you.now>
    >> > wrote:
    >> >> On Sat, 13 Nov 2004 05:09:49 +0000, Mark Healey wrote:
    >> >>
    >> >> > I'm reposting the original message hoping to get a response this
    >> >> > time.
    >> >> >
    >> >> > All I want to do is ftp between a RH9 machine (the server) and a
    >> >> > Fedora 2 machine (the client).
    >> >> >
    >> >> > I'm pretty sure it is a firewall problem with the client machine
    >> >> > and the way ftp uses random port numbers.
    >> >>
    >> >> Have you tried confirming that by turning off the firewall?
    >> >
    >> > I turn it off on the Fedora (client) box and it works in active mode
    >> > but not passive?
    >>
    >> Do you need it to work in passive mode?
    >>
    >> Adjust as needed:
    >>
    >> INTERNET="eth0"
    >> UNPRIVPORTS="1024:65535"
    >> CLASS_C="192.168.0.0/16"
    >>
    >> ################################################################################
    >> # FTP TRAFFIC
    >> ################################################################################
    >> echo 'Allowing outgoing FTP requests.'
    >>
    >> # Outgoing control connection to port 21
    >> iptables -A OUTPUT -o $INTERNET -p tcp --sport $UNPRIVPORTS --dport 21 -j ACCEPT
    >> iptables -A INPUT -i $INTERNET -p tcp ! --syn --sport 21 --dport $UNPRIVPORTS -j ACCEPT
    >>
    >> # Incoming port mode data channel connection from port 20
    >> iptables -A INPUT -i $INTERNET -p tcp --sport 20 --dport $UNPRIVPORTS -j ACCEPT
    >> iptables -A OUTPUT -o $INTERNET -p tcp ! --syn --sport $UNPRIVPORTS --dport 20 -j ACCEPT
    >>
    >> # Outgoing passive mode data channel connection between unprivileged ports
    >> iptables -A OUTPUT -o $INTERNET -p tcp --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
    >> iptables -A INPUT -i $INTERNET -p tcp ! --syn --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
    >>
    >> echo 'Allowing incoming FTP requests.'
    >>
    >> # Incoming control connection to port 21
    >> iptables -A INPUT -i $INTERNET -p tcp -s $CLASS_C --sport $UNPRIVPORTS --dport 21 -j ACCEPT
    >> iptables -A OUTPUT -o $INTERNET -p tcp ! --syn --sport 21 -d $CLASS_C --dport $UNPRIVPORTS -j ACCEPT
    >>
    >> # Outgoing port mode data channel connection to port 20
    >> iptables -A OUTPUT -o $INTERNET -p tcp --sport 20 -d $CLASS_C --dport $UNPRIVPORTS -j ACCEPT
    >> iptables -A INPUT -i $INTERNET -p tcp ! --syn -s $CLASS_C --sport $UNPRIVPORTS --dport 20 -j ACCEPT
    >>
    >> # Incoming passive mode data channel connection between unprivileged ports
    >> iptables -A INPUT -i $INTERNET -p tcp -s $CLASS_C --sport $UNPRIVPORTS --dport $UNPRIVPORTS -j ACCEPT
    >> iptables -A OUTPUT -o $INTERNET -p tcp ! --syn --sport $UNPRIVPORTS -d $CLASS_C --dport $UNPRIVPORTS -j ACCEPT
    >
    > I'm guessing that I add these lines to /etc/sysconfig/iptables?

    No. That's part of a bash script. You can make it executable and run it.
    Then run "service iptables save".
     
    > Are the:
    >
    >> INTERNET="eth0"
    >> UNPRIVPORTS="1024:65535"
    >> CLASS_C="192.168.0.0/16"
    >
    > lines some kind of variable definitions?

    Yes.

    -- 
    "No oppression is so heavy or lasting as that which is inflicted by
                     the perversion and exorbitance of legal authority."
    i.m.
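
An added example, not part of the thread: it checks the quoted passive-mode rules for ACCEPT rules that admit brand-new connections between any two unprivileged ports, then prints a connection-tracking rule set for the FTP client that accepts data channels only when they are RELATED to a tracked control connection. The function names are hypothetical, the interface name is the post's, and the helper module name is an assumption stated in the comments; the rules go beyond the post by using the `state` match.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the post's interface name and
# that the FTP conntrack helper is loaded (ip_conntrack_ftp on kernels of that
# era, nf_conntrack_ftp on later ones); without it RELATED never matches.
INTERNET="eth0"
UNPRIVPORTS="1024:65535"

# Print stateful FTP client rules for review; pipe to "sh" as root to apply.
ftp_client_rules() {
    ifc="$1"; p="$UNPRIVPORTS"
    cat <<EOF
iptables -A OUTPUT -o $ifc -p tcp --sport $p --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $ifc -p tcp --sport 21 --dport $p -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i $ifc -p tcp --sport 20 --dport $p -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $ifc -p tcp --sport $p --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $ifc -p tcp --sport $p --dport $p -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $ifc -p tcp --sport $p --dport $p -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample input: the post's two passive-mode rule pairs with the
# variables expanded.
post_passive_rules() {
    cat <<'EOF'
iptables -A OUTPUT -o eth0 -p tcp --sport 1024:65535 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp ! --syn --sport 1024:65535 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.0/16 --sport 1024:65535 --dport 1024:65535 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp ! --syn --sport 1024:65535 -d 192.168.0.0/16 --dport 1024:65535 -j ACCEPT
EOF
}

# Read rule lines on stdin; print each ACCEPT rule that admits a NEW
# connection between two unprivileged ports.
open_highport_rules() {
    awk -v r="$UNPRIVPORTS" '
        /-j ACCEPT/ && index($0, "--sport " r) && index($0, "--dport " r) {
            if (index($0, "! --syn")) next                      # replies only
            if (/--state/ && $0 !~ /--state [A-Z,]*NEW/) next   # tracked flows only
            print
        }'
}

echo "Rules in the post that accept new high-port connections:"
post_passive_rules | open_highport_rules
echo "Stateful replacement:"
ftp_client_rules "$INTERNET"
```

On kernels that no longer assign conntrack helpers automatically, the FTP helper has to be attached to the control connection explicitly (the raw table's CT target) before RELATED will match the data channel.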
    
