thedust2010
Guest
I know there have been a few posts about this in the past, but they've been of no help to me. I'm trying to get proftpd and iptables to use passive FTP properly (right now the FTP is not functioning so quickly). Here is my IPTables file (/etc/sysconfig/iptables):
Code:
# Generated by iptables-save v1.2.11 on Fri May 5 15:14:36 2006
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [897:80050]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 27406 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp --dport 27000:27999 -j ACCEPT
COMMIT
# Completed on Fri May 5 15:14:36 2006
The line at the end is the command I'm trying to use for opening up the ports for PASV use:
Code:
-A RH-Firewall-1-INPUT -p tcp --dport 27000:27999 -j ACCEPT
Inside /etc/proftpd.conf I've placed:
Code:
PassivePorts 27000 27999
Obviously my IPTables configuration is messed up... does anyone have any advice or an IPTables script that works?
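Added example, not part of the original post: iptables walks a chain top to bottom and stops at the first rule with a terminating target, so a rule appended after an unconditional REJECT is never evaluated. The Python sketch below flags such unreachable rules in an iptables-save dump; the function names are hypothetical and SAMPLE is an abridged copy of the ruleset posted above.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Options that belong to the target, not to packet matching.
NON_MATCH = {"-j", "--jump", "--reject-with"}

# Abridged from the posted /etc/sysconfig/iptables (sample input for this example).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp --dport 27000:27999 -j ACCEPT
COMMIT
"""

def parse_rules(dump):
    """Yield (line_no, chain, tokens) for every -A line of an iptables-save dump."""
    for no, line in enumerate(dump.splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        if len(tokens) >= 2 and tokens[0] == "-A":
            yield no, tokens[1], tokens[2:]

def is_catch_all(tokens):
    """True when the rule has a terminating target and no match criteria."""
    if "-j" not in tokens:
        return False
    target = tokens[tokens.index("-j") + 1]
    options = [t for t in tokens if t.startswith("-")]
    return target in TERMINAL and all(o in NON_MATCH for o in options)

def find_shadowed(dump):
    """Return (rule_line, blocker_line, rule_text) for rules after a catch-all."""
    blocker = {}   # chain name -> line number of its unconditional rule
    shadowed = []
    for no, chain, tokens in parse_rules(dump):
        if chain in blocker:
            shadowed.append((no, blocker[chain], " ".join(tokens)))
        elif is_catch_all(tokens):
            blocker[chain] = no
    return shadowed

if __name__ == "__main__":
    for rule_line, blocker_line, text in find_shadowed(SAMPLE):
        print(f"line {rule_line} is unreachable (line {blocker_line} matches first): {text}")
```

Run against the sample, it reports the PASV range rule as shadowed by the REJECT line; placing the range rule above the REJECT clears the finding.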