Cannot use FTP connection with iptables

By hung
Hi all friends,
I have a problem with iptables. I configured iptables to share my leased line (128 Kbps) on the LAN. There are problems connecting through NAT to an FTP server (such as an FTP server on Windows 2000 Advanced Server); it gives some errors such as "PORT command failed"... So, I cannot list any folders or files on this FTP server.

Note: With an FTP server on a Linux server machine, it doesn't have the same error as on the Windows SR machine.

Ok, here is my list of IPTABLES -L

#Generated by iptables-save v1.2.6a on Wed Jun 25 15:18:36 2003
*nat
:PREROUTING ACCEPT [198210:16277982]
:POSTROUTING ACCEPT [526:42386]
:OUTPUT ACCEPT [43:4667]
[187289:14464801] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Jun 25 15:18:36 2003
# Generated by iptables-save v1.2.6a on Wed Jun 25 15:18:36 2003
*filter
:INPUT ACCEPT [14034:2080911]
:FORWARD ACCEPT [376631:89228987]
:OUTPUT ACCEPT [1669:175943]
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[38:1449] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[40:1684] -A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --sport 21 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --sport 6699 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A OUTPUT -p tcp -m tcp --sport 21 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Jun 25 15:18:36 2003

Cannot use FTP connection with iptables

by Jeromey In reply to Cannot use FTP connection ...

ADD TO IPTABLES SCRIPT
======================
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/iptables -A INPUT -p TCP -s 0/0 --dport 20:21 -j ACCEPT
/sbin/iptables -A INPUT -p UDP -s 0/0 --dport 20:21 -j ACCEPT

Looks like you are accepting input on your external interface for source port of 21. It should be destination port 21
Port 20 is FTP Data
Port 21 is FTP
TCP/UDP
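
Why the FTP helper modules named above matter behind MASQUERADE, as an added example that is not part of the original thread: in active mode the client sends its own address and data port inside the PORT command, so a LAN client advertises an address the server cannot connect back to unless the gateway rewrites the command. The function names, addresses and mapped port are constructed for illustration; this is a simplified model, not the kernel modules' code.

```python
import ipaddress
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2", data port = p1*256 + p2
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if it is malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def advertises_lan_address(line):
    """True if the command tells the server to connect back to an RFC 1918 address."""
    parsed = parse_port(line)
    return parsed is not None and any(parsed[0] in net for net in RFC1918)

def nat_rewrite(line, public_ip, mapped_port):
    """Replace the inside address/port with the gateway's outside address and a
    mapped port; anything that is not a valid PORT command passes through."""
    if parse_port(line) is None:
        return line
    host = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    return "PORT {},{},{}\r\n".format(host, mapped_port >> 8, mapped_port & 0xFF)

# Constructed sample values (hypothetical LAN client and gateway address)
CLIENT_CMD = "PORT 192,168,0,10,4,210\r\n"   # 192.168.0.10, port 4*256+210 = 1234
GATEWAY_IP = "203.0.113.5"
MAPPED_PORT = 40000

if __name__ == "__main__":
    print("client sent:    ", CLIENT_CMD.strip(), "->", parse_port(CLIENT_CMD))
    print("LAN address?    ", advertises_lan_address(CLIENT_CMD))
    rewritten = nat_rewrite(CLIENT_CMD, GATEWAY_IP, MAPPED_PORT)
    print("after rewriting:", rewritten.strip(), "->", parse_port(rewritten))
```

The data connection the server then opens to the rewritten address is a new TCP connection, which is what the RELATED state in connection tracking is for.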

by br In reply to Cannot use FTP connection ...

Just add an ACCEPT statement for establ. and related connections:

iptables -I INPUT -s 0/0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Hope this helps..
