[PLUG] passive FTP failing ...
alan
alan at clueserver.org
Thu Aug 4 17:50:32 UTC 2005
On 3 Aug 2005, Russell Senior wrote:
>
> I am running an anonymous ftp server on a public IP. Recently,
> passive-mode FTP transfers are failing. This seems to include
> browsers that seem to do passive mode by default, but I can replicate
> the behaviour with /usr/bin/ftp by ensuring passive mode is on. With
> passive mode off, it works just fine. My iptable rules look like
> this:
>
> /sbin/iptables -A ftp-input -p tcp --syn --dport 21 -j ACCEPT
> /sbin/iptables -A ftp-input -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A ftp-input -p tcp --syn -j DROP
> /sbin/iptables -A ftp-input -p udp -j DROP
> /sbin/iptables -A ftp-input -j ACCEPT
>
> It is possible the failure started when I converted from 2.4.x to
> 2.6.11.x. I am going to look at the kernel possibility. Any other
> pointers?
To get that to work, you have to load the iptracking kernel modules for
ftp.
--
Q: Why do programmers confuse Halloween and Christmas?
A: Because OCT 31 == DEC 25.
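Why the quoted ruleset drops passive-mode data connections unless an FTP connection-tracking helper is loaded, as an added example that is not part of the original thread. It is a simplified model, not kernel code: the function names, the sample 227 reply and the addresses are constructed for illustration, and on kernels of that era the helper module is ip_conntrack_ftp (nf_conntrack_ftp on later ones).

```python
import re

# A PASV reply carries the data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(line):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def ftp_input(pkt):
    """The five ftp-input rules from the quoted post, evaluated in order.
    pkt["syn"] models --syn: SYN set, ACK/RST/FIN clear."""
    if pkt["proto"] == "tcp" and pkt["syn"] and pkt["dport"] == 21:
        return "ACCEPT"
    if pkt["state"] in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    if pkt["proto"] == "tcp" and pkt["syn"]:
        return "DROP"
    if pkt["proto"] == "udp":
        return "DROP"
    return "ACCEPT"

def passive_data_syn(helper_loaded, reply, client_ip):
    """Verdict for the client's SYN to the port the server announced."""
    announced = parse_pasv(reply)
    if announced is None:
        raise ValueError("not a valid 227 reply")
    port = announced[1]
    # Only an FTP helper reads the control-channel payload and registers
    # an expectation; without it the data SYN is just a NEW connection.
    expectations = {(client_ip, port)} if helper_loaded else set()
    state = "RELATED" if (client_ip, port) in expectations else "NEW"
    return ftp_input({"proto": "tcp", "syn": True, "dport": port, "state": state})

# Constructed sample data (documentation address ranges).
REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
CLIENT = "198.51.100.7"

if __name__ == "__main__":
    print(parse_pasv(REPLY))
    for loaded in (False, True):
        print("helper loaded:", loaded, "->", passive_data_syn(loaded, REPLY, CLIENT))
```

Active mode is unaffected because the server opens the data connection itself, so the packets coming back through ftp-input are already ESTABLISHED.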