Red Hat 7.3, FTP, and ipchains help

wkm001 · 10-09-2003, 03:38 PM

I am having some trouble FTPing out of a Red Hat 7.3 box. Can anyone give me a hand with the rules I need to use in order to ftp out of the box. As of right now I can ftp out but when I try to do a "ls" it says entering into passive mode and freezes. Here are the rules I have now.

:input DENY
:forward ACCEPT

utput ACCEPT

-A input -p tcp -s 0/0 ftp -d 0/0 1024:65535 -j ACCEPT
-A input -p tcp -s 0/0 ftp-data -d 0/0 1024:65535 -j ACCEPT
-A input -p tcp -s 0/0 1024:65535 -d 0/0 ftp-data -j ACCEPT

Thanks for your help,
Casey

unSpawn · 10-10-2003, 09:12 AM

I am having some trouble FTPing out of a Red Hat 7.3 box.
With passive FTP the client starts both control and data connections. The server responds setting the serverside data port not to TCP/20 but to any unprivileged port.
So, speaking input chain, you need "to here:any from there:21" and "to here:any from there:any".

-A input -p tcp -d 0/0 1024:65535 -s 0/0 21 -j ACCEPT
-A input -p tcp -d 0/0 1024:65535 -s 0/0 1024:65535 -j ACCEPT