The Community Forums

Interact with an entire community of cPanel & WHM users!

iptable rules for FTP

Discussion in 'General Discussion' started by belon_cfy, Jun 28, 2007.

  1. belon_cfy

    belon_cfy Member

    Joined:
    Apr 10, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Hi
    I have enabled iptables on my Linux server with cPanel and port 21 is allowed. But when I connect to the server in passive mode, I encounter the following error message:
    Code:
    Command:	LIST -a
    Error:	Transfer channel can't be opened. Reason: A socket operation was attempted to an unreachable host.
    Error:	Could not retrieve directory listing
    But if I disable passive mode, I encounter the following error message:
    Code:
    Response:	200 TYPE is now ASCII
    Command:	PORT 121,7,52,32,14,87
    Response:	500 I won't open a connection to 192.168.1.8 (only to 121.7.52.32)
    Error:	Could not retrieve directory listing
    How can I configure my iptables to allow passive mode connections?
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You cannot simply open port 21 to allow FTP with iptables. You need to also open port 20 to allow PORT connections, and then set up a "state RELATED,ESTABLISHED" rule to allow access to ephemeral ports for PASV to work.

    Alternatively, use a firewall script that does all this for you, such as csf:
    http://www.configserver.com/cp/csf.html
     
  3. Billa

    Billa Member

    Joined:
    May 2, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
  4. belon_cfy

    belon_cfy Member

    Joined:
    Apr 10, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Hi
    My port 20 is already allowed and the state is RELATED,ESTABLISHED, but it is still not working.

    I have done the following settings, but FileZilla still prompts me with the error message when using passive mode:

    Code:
    iptables -A INPUT -p tcp --dport 30000:50000 -j ACCEPT
    
    /etc/init.d/iptables save
    
    /etc/init.d/iptables restart
    
    Go to your FTP configuration file. If it's pure-ftpd then you will have the option there
    
    in /etc/pure-ftpd.conf (without the leading #):
    PassivePortRange      30000 35000
    Then restart pure-ftpd and csf and pass

    Error Message
    Code:
    Response:	200 TYPE is now ASCII
    Command:	PASV
    Response:	227 Entering Passive Mode (xxx,xxx,xxx,xxx,xxx)
    Command:	LIST -a
    Error:	Transfer channel can't be opened. Reason: A socket operation was attempted to an unreachable host.
    Error:	Could not retrieve directory listing
     
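As an added diagnostic (not code from any poster in this thread), the script below ties together the iptables range, the PassivePortRange and the PORT/227 lines quoted above: it decodes the h1,h2,h3,h4,p1,p2 form and reports why the data channel would fail (PORT address not matching the control peer, passive port outside the opened range, or a 227 reply advertising a private address to an outside client). The two range constants and the sample lines are constructed assumptions based on the values in this thread.

```python
import ipaddress
import re

# Assumed configuration, using the values posted in this thread:
FIREWALL_RANGE = (30000, 50000)   # iptables -A INPUT -p tcp --dport 30000:50000
PASSIVE_RANGE = (30000, 35000)    # PassivePortRange 30000 35000 in pure-ftpd.conf

_HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and 227 into (ip, port)."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def check_line(line, control_peer, client_is_remote=True):
    """Problems one control-channel line reveals; control_peer is where the
    other end really connects from, client_is_remote means it is off-LAN."""
    problems = []
    if re.search(r"\bPORT\b", line):                 # active mode: client picks
        parsed = parse_hostport(line)
        if parsed is None:
            return ["PORT carries no usable address"]
        ip, _port = parsed
        if ip != control_peer:                        # what the 500 reply above says
            problems.append(f"PORT address {ip} != control peer {control_peer}")
    elif re.search(r"\b227\b", line):                 # passive mode: server picks
        parsed = parse_hostport(line)
        if parsed is None:
            return ["227 reply carries no usable address"]
        ip, port = parsed
        if not PASSIVE_RANGE[0] <= port <= PASSIVE_RANGE[1]:
            problems.append(f"port {port} outside PassivePortRange")
        if not FIREWALL_RANGE[0] <= port <= FIREWALL_RANGE[1]:
            problems.append(f"port {port} not opened in iptables")
        if client_is_remote and ipaddress.ip_address(ip).is_private:
            problems.append(f"227 advertises private address {ip}")
    return problems

# Constructed sample: the PORT exchange quoted above (the server saw the client
# at 192.168.1.8) plus a 227 reply with an invented private address.
SAMPLE = [
    ("Command:\tPORT 121,7,52,32,14,87", "192.168.1.8"),
    ("Response:\t227 Entering Passive Mode (192,168,1,5,120,20)", "203.0.113.9"),
]

for line, peer in SAMPLE:
    print(line, "->", check_line(line, peer) or "ok")
```

Feed it the FileZilla log lines and the peer address seen on the control connection to tell a blocked port from an unreachable advertised address.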
  5. Billa

    Billa Member

    Joined:
    May 2, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Greetings,

    What are you getting in /var/log/messages when you do FTP?
    Have you tried logging in to the server with the firewall disabled for a few minutes? What port range are you opening there in the firewall?

    Have a nice day..!!
    Billa
     