[nzlug] FTP problem
Phillip Hutchings
sitharus at sitharus.com
Sat Jan 13 13:52:40 NZDT 2007
On 1/12/07, anru chen <ctx2002 at gmail.com> wrote:
> finally found what the problem was, it was caused by firewall rules.
>
> seems like the Firefox ftp client implementation is different than my
> Debian command line ftp client, which is probably a BSD style ftp client.
>
> the problem is, ftp has a feature called Passive FTP, we need to
> allow it so some ftp clients will connect to FTP server without
> problem.
>
> the firewall rule is as below:
>
> iptables -A INPUT -i eth0 -p tcp -s any/0 --sport 1024:65535 --dport
> 1024:65535 -j ACCEPT
>
> so to enable passive FTP, we must allow ftp server to listen on the
> unprivileged port.

Alternatively:

iptables -A INPUT -m state --state=RELATED -j ACCEPT

which uses ip_conntrack; it sniffs the FTP session and opens ports as
needed. The required modules should be loaded as needed, but if it
doesn't work you may need to find the module name and modprobe it. I
think it's ip_conntrack_ftp.

--
Phillip Hutchings
http://www.sitharus.com/
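
The port tracking described in the reply above, as an added example that is not part of the original thread and is not the kernel module's code: a simplified Python model of how a connection tracker can read passive-mode replies on the FTP control channel and treat only the announced port as RELATED, rather than accepting all of 1024:65535. The function names and the sample traffic are constructed for illustration.

```python
import re

# Passive-mode reply formats from RFC 959 (PASV) and RFC 2428 (EPSV).
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def expected_data_endpoint(reply, server_ip):
    """Return the (ip, port) announced by a passive-mode reply, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        ip = ".".join(str(n) for n in nums[:4])
        # Accept only the control connection's own server address, so the
        # opening stays tied to the session that announced it.
        if ip != server_ip:
            return None
        return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(1)) <= 65535:
        return server_ip, int(m.group(1))
    return None


def classify(control_replies, server_ip, new_conns):
    """Label each new (dst_ip, dst_port) connection RELATED or NEW."""
    expected = set()
    for line in control_replies:
        endpoint = expected_data_endpoint(line, server_ip)
        if endpoint:
            expected.add(endpoint)
    result = []
    for conn in new_conns:
        if conn in expected:
            expected.discard(conn)          # each expectation is used once
            result.append((conn, "RELATED"))
        else:
            result.append((conn, "NEW"))    # left to the other INPUT rules
    return result


# Constructed control-channel lines (192.0.2.10 is a documentation address).
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
]
```

With the sample above, only a connection to port 50000 on the server is labelled RELATED; any other high port stays NEW and is handled by the remaining rules.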