FTP/TLS Firewall

Discussion in 'Server Operation' started by Juddling, Nov 17, 2010.

  1. Juddling

    Juddling New Member

    My FTP(s) isn't working when my firewall is enabled. I have always had my iptables set up for me in the past. I learnt roughly how to set one up yesterday, but I've missed a rule that this requires. Here is my iptables.rules:


    # Generated by iptables-save v1.4.4 on Tue Nov 16 23:23:50 2010
    *filter
    :FORWARD ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]


    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state -i eth0 --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 989:990 -j ACCEPT
    -A INPUT -p tcp -m tcp -i eth0 --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp -i eth0 --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp -i eth0 --dport 443 -j ACCEPT
    -A INPUT -p tcp -m tcp -i eth0 --dport 10000 -j ACCEPT
    -A INPUT -p icmp -i eth0 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-port-unreachable


    COMMIT
    # Completed on Tue Nov 16 23:23:50 2010
    # Generated by iptables-save v1.4.4 on Tue Nov 16 23:23:50 2010
    *mangle
    :PREROUTING ACCEPT [95811:65665815]
    :INPUT ACCEPT [92355:65212126]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [55795:22371752]
    :POSTROUTING ACCEPT [55795:22371752]
    COMMIT
    # Completed on Tue Nov 16 23:23:50 2010
    # Generated by iptables-save v1.4.4 on Tue Nov 16 23:23:50 2010
    *nat
    :PREROUTING ACCEPT [5132:543438]
    :POSTROUTING ACCEPT [953:67517]
    :OUTPUT ACCEPT [953:67517]
    COMMIT
    # Completed on Tue Nov 16 23:23:50 2010



    So just to summarize, my FTP will connect but not show any files with the firewall enabled. With firewall disabled, everything is perfect.
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Did you try both active and passive transfers in your FTP client?
     
  3. Juddling

    Juddling New Member

    My client, FireFTP, will only let me connect passively using TLS.
     
  4. falko

    falko Super Moderator ISPConfig Developer
