[olug] Suse 9.0 Pro ISOs on FTP server

Phil Brutsche phil at brutsche.us
Tue Jan 13 19:56:38 UTC 2004


Daniel Linder wrote:

> Dang...  Can someone tell me why it insists on going into Passive mode? 

Well... that's the way FTP clients are supposed to work these days.  So 
many people use NAT these days that active mode is useless.

No problems here with either passive or active modes, BTW, on a system 
without a firewall.  Failure here in passive mode on a system behind 
a firewall.  No point in trying active mode ;)

> Could that be the culprit?  Robert, e-mail me offline with your home IP
> address and I'll open up the IPTables for your address to see if that
> makes any difference.
> 
> Matthew M. or David W.: Any thoughts? I know you two put in your fair
> share of IPTables firewall time. :)

Do you have the ip_conntrack_ftp module loaded and the appropriate 
iptables stateful filtering magic in use?

My firewall configurations usually go something like this:

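# load the FTP connection-tracking helper
modprobe ip_conntrack_ftp
# accept packets of connections that are already tracked or related to one
iptables -A INPUT -m state --state ESTABLISHED,RELATED \
    -i <outside interface> -j ACCEPT
<iptables rules to allow incoming connections for ssh or whatever>
# reject everything else that is new or invalid on the outside interface
iptables -A INPUT -m state --state NEW,INVALID -i <outside interface> \
    -j REJECT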

-- 

Phil Brutsche
phil at brutsche.us
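
Why the helper module matters for passive mode, as an added example that is not part of the message above and is not netfilter code: the FTP conntrack helper reads the server's 227 reply on the control connection and records the announced port as expected, so the first packet of the data connection is classified RELATED instead of NEW. The toy model below assumes the placeholder slot in the ruleset holds a single rule allowing the FTP control port; the sample reply and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: a toy model (not netfilter code) of the FTP conntrack helper.

# Print the data port announced by a "227 Entering Passive Mode
# (h1,h2,h3,h4,p1,p2)" reply: p1*256 + p2. Return 1 on a malformed reply.
pasv_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 [^(]*(\([0-9,]*\)).*$/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,; set -- $nums; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in ''|*[!0-9]*|0?*) return 1 ;; esac   # empty, non-digit, leading zero
        [ "$n" -le 255 ] || return 1
    done
    echo $(( $5 * 256 + $6 ))
}

# State given to the first packet of an inbound connection to port $3.
# $1 = 1 if the helper is loaded, $2 = last 227 reply on the control channel.
# Only a loaded helper reads the reply and records an expected data port.
conn_state() {
    if [ "$1" = 1 ] && expected=$(pasv_port "$2") && [ "$expected" = "$3" ]; then
        echo RELATED
    else
        echo NEW
    fi
}

# The INPUT rules from the post, in order. The placeholder slot is assumed
# to hold one rule allowing new connections to the FTP control port (21).
input_verdict() {   # $1 = state, $2 = destination port
    case $1 in ESTABLISHED|RELATED) echo ACCEPT; return 0 ;; esac
    if [ "$1" = NEW ] && [ "$2" = 21 ]; then echo ACCEPT; return 0; fi
    echo REJECT     # --state NEW,INVALID -j REJECT
}

data_conn_verdict() {   # $1 = helper loaded, $2 = 227 reply, $3 = dest port
    input_verdict "$(conn_state "$1" "$2" "$3")" "$3"
}

# Constructed sample reply: 195*256 + 80 = port 50000.
REPLY='227 Entering Passive Mode (192,0,2,10,195,80)'
echo "helper loaded:     $(data_conn_verdict 1 "$REPLY" 50000)"
echo "helper not loaded: $(data_conn_verdict 0 "$REPLY" 50000)"
```

On a real host, `lsmod` shows whether the helper is loaded; later kernels name the module nf_conntrack_ftp rather than ip_conntrack_ftp.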

