iptables : how to allow incoming ftp traffic?

Posted by logansama on Server Fault See other posts from Server Fault or by logansama
Published on 2010-04-12T15:51:41Z Indexed on 2010/04/12 16:13 UTC


Hi,

Still fighting my way through the jungle that is called iptables.

I have managed to allow FTP access outside of our LAN; both of these would work. NOTE: eth0 is the LAN interface and eth1 is the WAN interface.

iptables -t filter -A FORWARD -i eth0 -p tcp --dport 20:21 -j ACCEPT

or

iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 20:21 --dport 1024:65535 -j ACCEPT

But when I connect to an external FTP server I manage to log in and all is fine until it wishes to list the directory content. Then nothing happens, as the data is blocked, due to the fact that I do not have a rule set up to allow it! (My last rule on the FORWARD chain is to block all traffic.)

I have tried a gazillion rules (many of which I did not understand) to try and allow the FTP traffic back through my server. One such rule, for example, was:

iptables -A FORWARD -i eth1 -o eth0 -p tcp --sport 20:21 --dport 1024:65535 -j ACCEPT

But I cannot get the list to work. It just times out after a while.

Would anyone perhaps know how to build a rule which would allow FTP to list / allow such traffic back? Or have a link to sources I could work through?

Thank you,
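The port-range rules in the question match only active-mode data connections (server port 20 to a client high port); a passive-mode server opens the data channel from a random high port, so `--sport 20:21` never matches and the listing hangs. The usual fix is to stop guessing ports and let the kernel's FTP connection-tracking helper mark the data channel RELATED. The following is an added example, not code from the original post; it assumes the interface names from the question (eth0 LAN, eth1 WAN) and a default-deny FORWARD chain, and `IPT` is a hypothetical variable so the rules can be previewed with `IPT=echo` before touching a live firewall.

```shell
#!/bin/sh
# Added example: stateful FORWARD rules for LAN FTP clients behind a Linux router.
# Rather than enumerating data ports, rely on nf_conntrack_ftp, which parses the
# PORT/PASV exchange on the control channel and tags the resulting data
# connection RELATED, whichever side opens it (active or passive mode).
#
# IPT is the iptables binary; set IPT=echo to preview the generated rules.
IPT=${IPT:-iptables}

ftp_forward_rules() {
    lan=$1   # LAN-facing interface (eth0 in the question)
    wan=$2   # WAN-facing interface (eth1 in the question)

    # Load the FTP helper. nf_nat_ftp is also needed when the LAN is
    # masqueraded, because the PORT command carries the client's private IP
    # and the helper must rewrite it to the router's public address.
    modprobe nf_conntrack_ftp 2>/dev/null || true
    modprobe nf_nat_ftp 2>/dev/null || true

    # Kernels since 4.7 default to nf_conntrack_helper=0 (no automatic helper
    # assignment), so bind the ftp helper explicitly to control connections.
    $IPT -t raw -A PREROUTING -i "$lan" -p tcp --dport 21 -j CT --helper ftp

    # Rules are inserted (-I) at the head of FORWARD so they sit above the
    # existing final block-all rule; appending with -A would never be reached.

    # Replies and helper-tracked data channels, in either direction.
    $IPT -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # New control connections: LAN -> WAN, port 21 only (port 20 is not needed).
    $IPT -I FORWARD -i "$lan" -o "$wan" -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Usage on the router described in the question:
# ftp_forward_rules eth0 eth1
```

Verify with `conntrack -L` (or `cat /proc/net/nf_conntrack`) during a directory listing: the data connection should appear with `ASSURED` and a helper-tracked expectation, and no broad high-port range needs to be opened on eth1.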

© Server Fault or respective owner
