On a related note, I am not an IP tables guru :( What rules do I have to add to let passive FTP in? Do I just have to allow whatever high port range I have specified in my FTP config?

Matt P.

On Wed, December 7, 2005 5:32 pm, Dave Sorenson wrote:
> I'd agree except for the observation it was still not working when I
> turned off the firewall entirely to make sure it was not a firewall
> problem.
>
> Thanks for the thought though!
>
> Dave
>
> Joseph Mack NA3T wrote:
>> On Wed, 7 Dec 2005, Dave Sorenson wrote:
>>
>>>>>>> directory listing. I've tried both passive and active modes with
>>>>>>> multiple FTP clients, scoured the vsftpd.conf, firewall is open
>>>>>>> on 20 and 21 (I even tried disabling the firewall briefly to make
>>>>>>> sure that was not the problem) but no luck. anyone ever see this
>>>>>>> before?
>>
>> VSFTP in active mode calls from a high (>1024) port rather than port
>> 20. This is to allow it to run without root privileges. watch it
>> with netcat
>>
>>>>> Sounds like passive FTP not getting through the firewall. Try
>>>>> doing a 'modprobe ip_conntrack_ftp' on the server, or seeing if
>>>>> you can force your client to use active mode only.
>>
>> iptables "RELATED" knows about the calling port
>>
>> Joe
>>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
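
An added example, not part of the original thread: one way to derive the passive-FTP firewall rules from the server config, printing them for review instead of applying them. It assumes the range is pinned with vsftpd's `pasv_min_port`/`pasv_max_port` options and that the INPUT chain otherwise drops traffic; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules for passive FTP from a vsftpd config.
# Nothing is applied; the output is meant to be reviewed and then run as root.

# pasv_range FILE -> prints "MIN:MAX" taken from pasv_min_port/pasv_max_port.
# Fails when the range is not pinned or is not a sane unprivileged range,
# because an unpinned server may pick any port and no fixed rule can match.
pasv_range() {
    # If an option is repeated, this example uses the last occurrence.
    min=$(sed -n 's/^pasv_min_port=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    max=$(sed -n 's/^pasv_max_port=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "pasv_min_port/pasv_max_port not both set in $1" >&2
        return 1
    fi
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "invalid passive range $min:$max" >&2
        return 1
    fi
    echo "$min:$max"
}

# ftp_rules FILE -> prints one iptables command per line.
ftp_rules() {
    range=$(pasv_range "$1") || return 1
    # 1. Replies and connections the FTP conntrack helper marks RELATED
    #    (the ip_conntrack_ftp module mentioned in the thread).
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 2. The control connection.
    echo "iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT"
    # 3. The pinned passive data range; this is what still works when the
    #    helper is not loaded or cannot read the control channel (e.g. TLS).
    echo "iptables -A INPUT -p tcp --dport $range -m state --state NEW -j ACCEPT"
}

# Constructed sample config, for demonstration only.
demo=$(mktemp)
printf 'pasv_enable=YES\npasv_min_port=50000\npasv_max_port=50100\n' > "$demo"
ftp_rules "$demo"
rm -f "$demo"
```

Keep the pinned range narrow: every port in it is reachable from outside whether or not an FTP session is in progress.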
