
Re: opening ports



On Sun, Dec 10, 2006 at 12:30:31PM -0500, Bruce wrote:

[snip]

> Now I am ready to try ftp again.  I assume that I am missing something 
> really simple.  If it were tough I would have found something in the 
> FAQs and Google searches.  Rather than beat my head against the wall 
> some more I'll just ask the questions:
> 
> 1) How would I open ftp ports after doing an apt-get install proftpd?

Hi Bruce,

Regarding the FTP side of things, I can tell you what I have set up here on
Debian 4.0, then you can be the judge of whether or not what I've said helps
at all.

I use proftpd too. I'm on a LAN, so one important setting for me in
/etc/proftpd/proftpd.conf was :

MasqueradeAddress               lotech.co.uk (or ip address)

Otherwise my box would be sending back my LAN ip address to connecting
machines which doesn't make things work very well as LAN ip addresses cannot
exist out on 'teh net'.

Also, I opened up some ports so that connecting machines could connect
'passively'. In other words, my server 'drops its pants', and they don't
have to worry about opening ports on their personal firewalls. Which would
be required of them if 'active' FTP was all that I was offering. They'd have
to set up a rule to allow incoming TCP connections with a source port of 20.

So this setting went into the /etc/proftpd/proftpd.conf file too :

PassivePorts                    49152 65534

This is all well and good but not much use if iptables is not allowing FTP
connections in to the box the server's running on.

I created a file simply called 'iptables' and put it in /etc/init.d/. The
rules I used in this file were gleaned from various Internet sources, plus
some very basic knowledge I had myself. The relevant parts of this
'iptables' file are here :

iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m state --state NEW \
--dport 49152:65534 -j ACCEPT

(You'll note the backslash which allows a rule to continue onto the next
line.)

I have my proftpd starting from inetd, as it's never that busy, but I didn't
have to change anything in the /etc/inetd.conf as it was all done for me
with debconf (?) when I apt-get'd proftpd itself. But here is the part
anyway from my /etc/inetd.conf which sorts out proftpd :

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/proftpd

That pretty much did it for me. I added a few changes to the
/etc/proftpd/proftpd.conf file that are not really relevant to what we're
talking about here, and just did a :

# /etc/init.d/inetd restart

All done.

I hope this all helps even if in a small way.

ATB.

Pete.

-- 
 18:09:06 up  6:47,  3 users,  load average: 0.00, 0.00, 0.00
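The two settings Pete's post has to keep in step are the PassivePorts range in proftpd.conf and the --dport range in the iptables rule; if one is edited and the other is not, passive transfers fail or a wider range than intended is left open. The script below is an added example, not code from Pete's message or from the proftpd project: it reads the PassivePorts directive out of a (constructed) proftpd.conf fragment, sanity-checks the range, and prints the matching iptables commands as a dry run rather than executing them. The interface name eth0 and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: derive the FTP firewall rules from proftpd's own
# PassivePorts directive so the two ranges cannot drift apart.
# Nothing here calls iptables; the commands are only printed.

# Constructed sample of the relevant proftpd.conf lines (not a real config).
SAMPLE_CONF='MasqueradeAddress               ftp.example.invalid
PassivePorts                    49152 65534'

# Print "low high" from the PassivePorts directive in $1; prints nothing if absent.
passive_range() {
    printf '%s\n' "$1" | awk '$1 == "PassivePorts" { print $2, $3; exit }'
}

# Accept only a numeric range with 1024 <= low <= high <= 65535.
valid_range() {
    low=$1; high=$2
    case "$low$high" in *[!0-9]*|"") return 1;; esac
    [ "$low" -ge 1024 ] && [ "$low" -le "$high" ] && [ "$high" -le 65535 ]
}

# Dry run: print the iptables commands for config text $1 on interface $2
# (assumed default eth0). Returns 1 if PassivePorts is missing or invalid.
ftp_rules() {
    conf=$1; iface=${2:-eth0}
    set -- $(passive_range "$conf")
    [ $# -eq 2 ] || { echo "no PassivePorts directive in config" >&2; return 1; }
    valid_range "$1" "$2" || { echo "bad PassivePorts range: $1 $2" >&2; return 1; }
    # Control connection on port 21, then the passive data range.
    printf 'iptables -A INPUT -p tcp -i %s -m state --state NEW --dport 21 -j ACCEPT\n' "$iface"
    printf 'iptables -A INPUT -p tcp -i %s -m state --state NEW --dport %s:%s -j ACCEPT\n' "$iface" "$1" "$2"
}

# Usage: print the rules for the sample config.
ftp_rules "$SAMPLE_CONF" eth0
```

Piping the output into `sh` would apply the rules; printing first lets you review them against the config they were derived from. Note that the rules above only admit NEW connections, as in the post, so a working stateful policy also needs an accept for ESTABLISHED,RELATED traffic; loading the kernel's FTP connection-tracking helper is the alternative that lets the data connection be accepted as RELATED without opening the whole passive range.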
