FTP with iptables
Hi.
We set up a firewall with iptables and the following settings (as given by "iptables -L"):
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
So, we set up an FTP server on a SUSE machine to test the FTP connection. We use proftpd and
the connection is fine. But with other FTP servers around the world (for example ftp.kernel.org)
it is not possible to do any file transfers. No listing is shown; it seems to be a file transfer
over the data channel, too.
Here is the error:
Connected to ftp.kernel.org, waiting for response...
< 220 ProFTPD [ftp.kernel.org]
> USER anonymous
< 331 Anonymous login ok, send your complete email address as your password.
> PASS *****
< 230 Anonymous access granted, restrictions apply.
> REST 1
< 350 Restarting at 1. Send STORE or RETRIEVE to initiate transfer.
> REST 0
< 350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer.
> SYST
< 215 UNIX Type: L8
> PWD
< 257 "/" is current directory.
~ Login completed.
> PORT 192,192,192,220,6,106
< 500 Illegal PORT command.
~ Could not retrieve directory listing for "/"
What can we do to solve this problem?
Thanks a lot for your help,
The Muffinman
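
Added example (not part of the original post): in active-mode FTP the PORT argument encodes the address and port the server is asked to connect back to for the data channel, so decoding it from a client log shows what the client behind the firewall advertised, for comparison with the source address the server sees on the control connection. The function names are hypothetical, and the sample lines are copied from the session log above.

```python
import ipaddress
import re

# Lines copied from the session log in the post above.
SESSION = """\
> PWD
< 257 "/" is current directory.
> PORT 192,192,192,220,6,106
< 500 Illegal PORT command.
"""

PORT_RE = re.compile(r"^>\s*PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.I)
REPLY_RE = re.compile(r"^<\s*(\d{3})[ -](.*)$")


def decode_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' (RFC 959) into (IPv4Address, port)."""
    fields = [int(x) for x in arg.split(",")]
    if len(fields) != 6 or any(f > 255 for f in fields):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    host = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
    return host, fields[4] * 256 + fields[5]  # port = p1 * 256 + p2


def port_commands(log):
    """Yield (host, port, reply_code, reply_text) for each PORT in a client log."""
    pending = None
    for line in log.splitlines():
        m = PORT_RE.match(line)
        if m:
            pending = decode_port_arg(m.group(1))
            continue
        r = REPLY_RE.match(line)
        if r and pending:
            # The first server reply after a PORT command is its result.
            yield (*pending, int(r.group(1)), r.group(2))
            pending = None


def report(log):
    """Return one human-readable line per PORT command found in the log."""
    out = []
    for host, port, code, text in port_commands(log):
        status = "accepted" if 200 <= code < 300 else "rejected"
        out.append(f"client asked server to connect to {host}:{port} "
                   f"-> {status} ({code} {text})")
    return out


if __name__ == "__main__":
    print("\n".join(report(SESSION)))
```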