Re: FTP and Firewall



Kalyan Manchikanti wrote:
On Feb 20, 6:08 pm, Stephane M <Steph...@xxxxx> wrote:
StephaneM wrote:



Kalyan Manchikanti wrote:
On Feb 20, 1:43 am, Stephane M <Steph...@xxxxx> wrote:
Hi,
I wish to use my Firewall
I am using CentOS v 4.4 and I did use the Firewall setup available on
the GUI
[ Enable the Firewall and Accept FTP, WWW ]
1) the web works fine !!
2) The FTP site doesn't work
I edit my /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
- Is there something wrong with that ?
3) All these settings are configured via their port.
Now, suppose that I wish to disable (or Enable) an application like
SAMBA
- How can I do that ?
Thanks very much for your help
Stephane
Unless you are very familiar with how iptables work, editing /etc/
sysconfig/iptables is not usually the best option. Instead you can use
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p udp --dport 21 -j ACCEPT
Also, after making any changes to your firewall rules, do a
service iptables save --> saves the rules ( puts a copy of the old
rules in /etc/sysconfig/iptables.save)
and make sure firewall is on in the appropriate levels ( chkconfig --
list iptables)
As to your question regarding samba. Samba allows access control
through its configuration file. Check man smb.conf for various
options you can use within its conf file to restrict users and/or
hosts.
hth,
Kalyan
Sorry but it doesn't work
I browsed the web and I found some other way.
Here is what I have.... but it doesn't work....
I have no idea what is wrong
HTTP works fine..
vSFTPD doesn't work out :-(
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -m tcp -p tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Is there any problem with CentOS v 4.4 (vSFTPD and IPtables ?)

I just created a basic Firewall with FedoraCore 5
FTP and HTTP work fine.

I copied the iptables file (from Fedora -> CentOS v 4.4) => FTP still
doesn't work !!!!!! ????

Stephane


Not to be redundant, but did you check the configuration of the vsftpd
itself ? I'd do the following in this order

1. Check /etc/vsftpd/vsftpd.conf for any errors or syntax issues.
2. Check if vsftpd is turned on in the proper run levels. ( chkconfig
--list vsftpd)
3. Check if tcp wrappers are enabled for vsftpd by any chance ( /etc/
hosts.allow and /etc/hosts.deny)
4. Do you see anything in /var/log/messages when you try to connect?
5. As a last resort, flush your firewall rules using iptables -F (do a
service iptables save before) and try connecting. Your old rules will
be saved in /etc/sysconfig/iptables.save


hth,
Kalyan


Hi,

I checked the chkconfig --list

bgpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
vsftpd 0:off 1:off 2:off 3:off 4:off 5:on 6:off
dhcrelay 0:off 1:off 2:off 3:off 4:off 5:off 6:off
amd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
httpd 0:off 1:off 2:off 3:off 4:off 5:on 6:off
ldap 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Is that correct ? (I have no clue what I am doing :-)


2) Syntax error ? not sure... works perfectly without the Firewall




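The posted ruleset rejects new FTP control connections because the port 21 rule only matches ESTABLISHED,RELATED, while a client's first SYN is state NEW, so it falls through to the final REJECT. The following toy chain evaluator, added here and not code from anyone in the thread, walks an abridged copy of the posted RH-Firewall-1-INPUT chain with iptables' first-match semantics and shows a NEW SYN to port 80 accepted, the same to port 21 rejected, and port 21 accepted once a NEW rule is inserted ahead of the REJECT. The interface name eth0 and the sample packets are constructed assumptions.

```python
import shlex

# Constructed sample, not the poster's verbatim file: the RH-Firewall-1-INPUT rules
# from the thread with wrapped lines joined, abridged to those that matter for FTP.
POSTED_RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -m tcp -p tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# The rule the posted file lacks: a client's first SYN to the control port is state NEW.
FIXED_RULE = "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT"

def parse_rule(line):
    """Map each option to its argument (every option in this file takes exactly one)."""
    toks = shlex.split(line)
    return dict(zip(toks[0::2], toks[1::2]))

def matches(rule, pkt):
    """A rule matches when every match it specifies agrees with the packet."""
    return (rule.get("-i", pkt["iface"]) == pkt["iface"]
            and rule.get("-p", pkt["proto"]) == pkt["proto"]
            and int(rule.get("--dport", pkt["dport"])) == pkt["dport"]
            and pkt["state"] in rule.get("--state", pkt["state"]).split(","))

def verdict(ruleset, pkt):
    """iptables walks the chain top to bottom; the first matching terminating rule decides."""
    for line in ruleset.splitlines():
        if line.startswith("-A RH-Firewall-1-INPUT"):
            rule = parse_rule(line)
            if matches(rule, pkt):
                return rule["-j"]
    return "ACCEPT"  # the chain's policy; unreachable here because REJECT is last

def new_tcp(dport, iface="eth0"):
    """Inbound TCP SYN from a client: conntrack has no entry yet, so its state is NEW."""
    return {"iface": iface, "proto": "tcp", "dport": dport, "state": "NEW"}

def with_fix(ruleset):
    """Insert the NEW rule for port 21 ahead of the final REJECT, like the other service rules."""
    lines = ruleset.splitlines()
    lines.insert(len(lines) - 1, FIXED_RULE)
    return "\n".join(lines) + "\n"
```

Opening port 21 to NEW is only half of it: FTP data connections (port 20 in active mode, a high port in passive mode) are classified RELATED only when the ip_conntrack_ftp helper is loaded, which on CentOS 4 is done with IPTABLES_MODULES="ip_conntrack_ftp" in /etc/sysconfig/iptables-config.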