[PLUG] passive FTP failing ...

alan alan at clueserver.org
Thu Aug 4 17:50:32 UTC 2005


On 3 Aug 2005, Russell Senior wrote:

> 
> I am running an anonymous ftp server on a public IP.  Recently,
> passive-mode FTP transfers are failing.  This seems to include
> browsers that seem to do passive mode by default, but I can replicate
> the behaviour with /usr/bin/ftp by ensuring passive mode is on.  With
> passive mode off, it works just fine.  My iptable rules look like
> this:
> 
>     /sbin/iptables -A ftp-input -p tcp --syn --dport 21 -j ACCEPT
>     /sbin/iptables -A ftp-input -m state --state ESTABLISHED,RELATED -j ACCEPT
>     /sbin/iptables -A ftp-input -p tcp --syn -j DROP
>     /sbin/iptables -A ftp-input -p udp -j DROP
>     /sbin/iptables -A ftp-input -j ACCEPT
> 
> It is possible the failure started when I converted from 2.4.x to
> 2.6.11.x.  I am going to look at the kernel possibility.  Any other
> pointers?

To get that to work, you have to load the iptracking kernel modules for 
ftp.

-- 
Q: Why do programmers confuse Halloween and Christmas?
A: Because OCT 31 == DEC 25.
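
An added example, not part of the original thread: a simplified Python model of the ftp-input chain quoted above, showing why the client's passive-mode data connection is dropped unless the connection-tracking FTP helper has marked it RELATED. The function names, the reduced conntrack model and the sample 227 reply are assumptions constructed for illustration.

```python
import re

# The ftp-input chain from the post, as (match predicate, verdict) pairs.
# "syn" means a bare SYN (SYN set; ACK, RST, FIN clear), as iptables --syn does.
RULES = [
    (lambda p: p["proto"] == "tcp" and p["syn"] and p["dport"] == 21, "ACCEPT"),
    (lambda p: p["state"] in ("ESTABLISHED", "RELATED"), "ACCEPT"),
    (lambda p: p["proto"] == "tcp" and p["syn"], "DROP"),
    (lambda p: p["proto"] == "udp", "DROP"),
    (lambda p: True, "ACCEPT"),
]

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def pasv_port(reply):
    """Data port announced in a 227 reply: p1*256 + p2 (RFC 959)."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    return fields[4] * 256 + fields[5]

def conntrack_state(pkt, expected_ports):
    """Simplified model: a connection-opening packet is RELATED only if expected."""
    return "RELATED" if pkt["dport"] in expected_ports else "NEW"

def verdict(pkt):
    """First matching rule wins, as in an iptables chain."""
    for match, target in RULES:
        if match(pkt):
            return target

def passive_data_syn(reply, helper_loaded):
    """Verdict for the client's SYN to the port the server announced in `reply`."""
    port = pasv_port(reply)
    # Only the FTP helper reads the control channel and registers an expectation.
    expected = {port} if helper_loaded and port is not None else set()
    pkt = {"proto": "tcp", "syn": True, "dport": port}
    pkt["state"] = conntrack_state(pkt, expected)
    return verdict(pkt)

# Constructed sample reply (documentation address, not taken from the post).
SAMPLE_227 = "227 Entering Passive Mode (192,0,2,10,195,80)"

if __name__ == "__main__":
    for loaded in (False, True):
        print("helper loaded:", loaded, "->", passive_data_syn(SAMPLE_227, loaded))
```

On 2.4 and early 2.6 kernels the FTP helper module is named ip_conntrack_ftp; later kernels call it nf_conntrack_ftp.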



