I am setting up a server at home (started ages ago, but too busy to get finished :o) )
and trying to get files from my real server by FTP. both servers have same version as listed below.
looking on the web it seems like a firewall problem.
rules show ftp and ftp-data ports as enabled.
Accept If protocol is UDP and destination port is ftp-data
Accept If protocol is UDP and destination port is ftp
Accept If protocol is TCP and destination port is ftp
Accept If protocol is TCP and destination port is domain
any suggestions as what I can look at to get ftp working?
have not stopped firewall (not sure how).
I’m behind a DSL router so it's possible that I need to enable something on that?
thanks Brian
Webmin version 1.480
Virtualmin version 3.70 Pro
Operating system CentOS Linux 5.3
Perl version 5.008008
Path to Perl /usr/bin/perl
Postfix version 2.3.3
Mail injection command /usr/lib/sendmail -t
BIND version 9.3.4
Apache version 2.2.3
PHP version 5.1.6
Webalizer version 2.01-10
Logrotate version 3.7.4
MySQL version 5.0.45
ProFTPd version 1.30
SpamAssassin version 3.2.5
ClamAV version 0.95.2
have separate windows and linux computers behind router.
windows works fine as I can ftp and get access to the same server.
if I access a separate server (running Direct Admin) I can FTP it fine
it's only a problem when I am trying to connect to my new server from linux.
I used ‘sftp’ and strangely that worked
have been browsing google to see if I can find any solution, but none as yet. I will keep looking.
point of the exercise is so I can do a backup of live server using ‘wget’ which does not work as it gives the same problem as ftp.
have found that if I turn off the router firewall and set PASSIVE mode off then I can FTP into the server (which is a step forward :o) )
still can’t get the ftp out though, so reckon it must be the firewall on the test server at home.
on my local server the firewall settings show the following chain having a reject always. if I remove that I can now get the FTP to work. so some port needs to be enabled, anybody any suggestions? should I add ports 20 and 21 in this chain even though they are listed in the chain Incoming packets (INPUT)?
thanks for any advice.
Chain RH-Firewall-1-INPUT
Action Condition Move Add
Accept If input interface is lo
Accept If protocol is ICMP and ICMP type is any
Accept If protocol is 50
Accept If protocol is 51
Accept If protocol is UDP and destination is 224.0.0.251 and destination port is 5353
Accept If protocol is UDP and destination port is 631
Accept If protocol is TCP and destination port is 631
Accept If state of connection is ESTABLISHED,RELATED
Accept If protocol is TCP and destination port is 22 and state of connection is NEW
Reject Always
on top of Incoming packets (INPUT) you need:
Accept If protocol is TCP and destination port is ftp
Accept If protocol is UDP and destination port is ftp
Accept If protocol is UDP and destination port is ftp-data
Accept If protocol is TCP and destination port is ftp-data
you don’t need them in the chain
what I have learned is to have lower numbers on top and high numbers below.
21
22
51
53
110
631
the ssh line shouldn’t be there. it is already in the input before the RH chain.
After you remove it and apply the configuration then the firewall shouldn’t be the issue.
If ftp still doesn’t work then the exact setup of your network would lead to more clues as to what can and what can not be done.
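To see which rule decides each kind of FTP packet in the rule sets quoted in this thread, here is an added example (not part of any post) that evaluates them first-match, the way iptables walks a chain. It assumes the accept rules from the first post sit in INPUT ahead of the jump into RH-Firewall-1-INPUT; the sample packets and their connection states are constructed, and RELATED is assumed to be the state connection tracking reports for an active-mode data connection when its FTP helper is following the control session.

```python
# Added illustration, not from the thread: first-match evaluation of the quoted rules.
FTP_DATA, FTP, DOMAIN = 20, 21, 53

def pkt(proto="tcp", dport=None, state="NEW", iface="eth0", dst=None, sport=None):
    """Build a constructed sample packet as a dict of the fields the rules test."""
    return dict(proto=proto, dport=dport, state=state, iface=iface, dst=dst, sport=sport)

# Accept rules from the first post, modelled as the INPUT chain (assumption).
INPUT = [
    ("ACCEPT", lambda p: p["proto"] == "udp" and p["dport"] == FTP_DATA),
    ("ACCEPT", lambda p: p["proto"] == "udp" and p["dport"] == FTP),
    ("ACCEPT", lambda p: p["proto"] == "tcp" and p["dport"] == FTP),
    ("ACCEPT", lambda p: p["proto"] == "tcp" and p["dport"] == DOMAIN),
]

# RH-Firewall-1-INPUT as listed in the thread, in the same order.
RH_CHAIN = [
    ("ACCEPT", lambda p: p["iface"] == "lo"),
    ("ACCEPT", lambda p: p["proto"] == "icmp"),
    ("ACCEPT", lambda p: p["proto"] == "50"),
    ("ACCEPT", lambda p: p["proto"] == "51"),
    ("ACCEPT", lambda p: p["proto"] == "udp" and p["dst"] == "224.0.0.251" and p["dport"] == 5353),
    ("ACCEPT", lambda p: p["proto"] == "udp" and p["dport"] == 631),
    ("ACCEPT", lambda p: p["proto"] == "tcp" and p["dport"] == 631),
    ("ACCEPT", lambda p: p["state"] in ("ESTABLISHED", "RELATED")),
    ("ACCEPT", lambda p: p["proto"] == "tcp" and p["dport"] == 22 and p["state"] == "NEW"),
    ("REJECT", lambda p: True),
]

def decide(p):
    """Return (chain, rule number, action) for the first rule that matches."""
    for name, chain in (("INPUT", INPUT), ("RH-Firewall-1-INPUT", RH_CHAIN)):
        for number, (action, match) in enumerate(chain, start=1):
            if match(p):
                return name, number, action
    return "INPUT", 0, "POLICY"

# Constructed packets arriving at the home server.
SAMPLES = {
    "new control connection to port 21": pkt(dport=FTP),
    "reply on an outgoing FTP session": pkt(dport=40000, sport=FTP, state="ESTABLISHED"),
    "active-mode data connection, untracked": pkt(dport=40001, sport=FTP_DATA),
    "active-mode data connection, RELATED": pkt(dport=40001, sport=FTP_DATA, state="RELATED"),
}

if __name__ == "__main__":
    for label, p in SAMPLES.items():
        print(f"{label:42} -> {decide(p)}")
```

The only packet that reaches "Reject Always" is the data connection the remote server opens back from port 20 in active mode when it is not seen as RELATED; its destination is a high port, so accept rules for ports 20 and 21 never match it.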