ftp blocked by firewall?

Discussion in 'General Discussion' started by xbuzz, Jan 31, 2006.

  1. xbuzz

    xbuzz Member

    i can log into FTP only by doing the following (in windows)

    1. start => run
    2. cmd
    3. ftp ftp.domain.com
    4. username
    5. password
    6. ls (displays directory contents)

    ------------------------------------------------------------------

    problem is i cannot use an ftp client to connect. if i want to use IE (internet explorer) i can't use that either. it sort of begins to connect, recognizes it is the correct username/password, then drops the connection.

    i have a feeling that iptables is somehow blocking the ports (not 21) required for data connections.

    /etc/pure-ftpd.conf
    -----------------------------------
    PassivePortRange 30000 50000
    -----------------------------------
    ^^
    ftp uses this port range to select a random port to open a data connection on.

    [19:12:50] Opening data connection to 7x.x.x.x Port: 30001
    [19:12:50] MLSD
    [19:13:11] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.


    I do not want to turn off iptables... I know there must be another way. I shouldn't have to turn off my software firewall for that.

    Much Thanks,

    CT
     
  2. lloyd_tennison

    lloyd_tennison Well-Known Member

    Ftp uses port 21. Have you tried the ftp program in passive mode? IE is very temperamental about ftp - but it usually works. What exactly is the error message you are getting, both from the program and from the server in the ftp window?

    Filezilla is a good, free, open-source ftp client for Windows. http://filezilla.sourceforge.net
     
  3. xbuzz

    xbuzz Member

    just in case anyone else runs into this problem.... i found the problem. iptables blocks default ports 30000 50000....

    type this command as root and it should fix it

    iptables -I INPUT -p tcp --dport 30000:50000 --syn -j ACCEPT

    --
    CT
    xBuzz Networks
     
  4. chirpy

    chirpy Well-Known Member

    Just be aware that if you're using an SPI firewall connection, then by implementing that you're effectively opening a huge hole in your firewall and breaking SPI, the whole point of which is to allow through ephemeral connections for specific established port connections (e.g. FTP). So, you're converting from an SPI to a static firewall with a nice big hole in it.

    The better way would be to use a script to configure your iptables firewall that correctly configures it for SPI.
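
An added example, not part of any post in this thread: a shell check over `iptables-save` text that tells the static range rule from post 3 apart from the stateful (SPI) setup the last post describes. Both rule sets are constructed samples; the function name and the 100-port threshold are assumptions, and the stateful set assumes the FTP connection-tracking helper module is loaded.

```shell
#!/bin/sh
# Constructed sample: the rule from post 3 as iptables-save prints it
# (--syn is shown as --tcp-flags FIN,SYN,RST,ACK SYN).
STATIC_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 30000:50000 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
COMMIT'

# Constructed sample: stateful alternative. Assumes the FTP conntrack helper
# (ip_conntrack_ftp on older kernels, nf_conntrack_ftp on newer ones) is loaded
# so the passive data connection is classified as RELATED to the port 21 session.
SPI_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
COMMIT'

# audit_ftp_rules [max_width]: read iptables-save text on stdin and report
#   - INPUT ACCEPT rules that open a port range wider than max_width
#     without any state/ctstate match (a static hole), and
#   - whether an ACCEPT rule for RELATED traffic exists at all.
audit_ftp_rules() {
    awk -v max="${1:-100}" '
    /^-A INPUT/ && /-j ACCEPT/ {
        stateful = ($0 ~ /--(ct)?state /)
        if (stateful && $0 ~ /RELATED/) related = 1
        for (i = 1; i < NF; i++)
            if ($i == "--dport" && split($(i + 1), r, ":") == 2) {
                width = r[2] - r[1] + 1
                if (width > max && !stateful)
                    printf "WIDE-STATIC %s-%s (%d ports)\n", r[1], r[2], width
            }
    }
    END { print (related ? "RELATED-ACCEPT present" : "RELATED-ACCEPT missing") }
    '
}

printf '%s\n' "$STATIC_RULES" | audit_ftp_rules
printf '%s\n' "$SPI_RULES" | audit_ftp_rules
```

On a live host the same function can be fed with `iptables-save | audit_ftp_rules`. The helper reads the PASV reply from the control channel, so it cannot track data ports when that channel is encrypted (FTP over TLS).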
     