Gentoo Forums
firewall problem with apache mod_ftpd
binro
Joined: 06 May 2005
Posts: 742
Location: Bangkok

Posted: Sat Feb 18, 2006 10:53 am    Post subject: firewall problem with apache mod_ftpd

I know this is a vexed issue because it says so in the mod_ftpd wiki entry! I emerged mod_ftpd and set it up precisely as in the wiki howto. It works fine via the LAN but not externally, I get a time-out when data needs to flow. Salient points are:
o my server is in the ADSL router's DMZ;
o the server has iptables rules that open ports 20, 21, 25, 80, 110, etc. POP, SMTP and HTTP work fine;
o using ncftp I can log in, but get and ls commands time out;
o ncftp starts in PASV mode and then falls back to PORT: neither works.

I can see the commands in the apache logs:

    58.136.209.105 - anonymous [18/Feb/2006:14:34:07 +0700] "RETR /kps-0.2.tar.bz2" 500 -
    58.136.209.105 - anonymous [18/Feb/2006:14:35:12 +0700] "LIST /" 500 -

mod_ftpd is 0.13.0. Anybody any idea what is going on? (Googling for "mod_ftpd firewall" only produces links to the wiki article. :-( )

TIA
_________________
"Ship me somewheres east of Suez, where the best is like the worst,
Where there ain't no Ten Commandments an' a man can raise a thirst"
from "Mandalay" by Rudyard Kipling
binro
Posted: Sun Feb 19, 2006 10:04 am    Post subject: firewall problem with apache mod_ftpd [SOLVED]

The problem was in my iptables rules. Having read just about everything out there on this subject, I eventually added the following to /var/lib/iptables/rules-save:
Code:

# inbound control connection: client ephemeral port -> FTP port 21
-A FORWARD -p tcp --sport 1024: --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
# replies on the control connection: port 21 -> client ephemeral port
-A FORWARD -p tcp --sport 21 --dport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
# passive-mode data connection, high port to high port; only matches as RELATED
# when the kernel FTP connection-tracking helper (ip_conntrack_ftp) is loaded
-A FORWARD -p tcp --sport 1024: --dport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT


I only ever have one interface active and these rules permit passive mode only. I will try and update the mod_ftpd wiki entry. :)
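As an added example, not code from the thread, here is a small evaluator for the three rules above: it parses the iptables-save lines and returns the verdict for constructed FTP packets, which shows why the passive data connection only passes once the kernel FTP conntrack helper marks it RELATED, and why active (PORT) mode is still blocked. The port numbers and the DROP default policy are assumptions for the illustration.

```python
import re

# The three rules from the post above, one per line as iptables-restore expects.
RULES_SAVE = """
-A FORWARD -p tcp --sport 1024: --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp --sport 21 --dport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp --sport 1024: --dport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

RULE_RE = re.compile(r"-A (\S+) -p tcp --sport (\S+) --dport (\S+) "
                     r"-m state --state (\S+) -j (\S+)$")

def parse_port(spec):
    """iptables port syntax: '21' -> (21, 21); '1024:' -> (1024, 65535)."""
    lo, sep, hi = spec.partition(":")
    if not sep:
        return int(lo), int(lo)
    return int(lo), (int(hi) if hi else 65535)

def parse_rules(text):
    """Parse the subset of iptables-save syntax used by the rules above."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unsupported rule syntax: " + line)
        chain, sport, dport, states, target = m.groups()
        rules.append({"chain": chain, "sport": parse_port(sport),
                      "dport": parse_port(dport),
                      "states": set(states.split(",")), "target": target})
    return rules

def verdict(rules, chain, sport, dport, state, policy="DROP"):
    """First matching rule wins, as in iptables; otherwise the chain policy (assumed DROP)."""
    for r in rules:
        if (r["chain"] == chain
                and r["sport"][0] <= sport <= r["sport"][1]
                and r["dport"][0] <= dport <= r["dport"][1]
                and state in r["states"]):
            return r["target"]
    return policy

RULES = parse_rules(RULES_SAVE)

# Constructed packets (not from the thread): client ephemeral ports 40000-40002,
# server-announced passive data port 50000, active-mode data from server port 20.
def control_connection():            # first SYN from the client to port 21
    return verdict(RULES, "FORWARD", 40000, 21, "NEW")

def passive_data_without_helper():   # no FTP conntrack helper: the data SYN is merely NEW
    return verdict(RULES, "FORWARD", 40001, 50000, "NEW")

def passive_data_with_helper():      # helper parsed the PASV reply and marks the SYN RELATED
    return verdict(RULES, "FORWARD", 40001, 50000, "RELATED")

def active_data():                   # server port 20 -> client: no rule covers sport 20
    return verdict(RULES, "FORWARD", 20, 40002, "RELATED")
```

Without the helper the data SYN is NEW on a high port, matches nothing and is dropped, which is exactly the timeout on LIST and RETR reported in the first post.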