IPTables+ProFTPD+MAIL settings


I’ve managed to set up Virtualmin 3.78 GPL on a CentOS 5.5 64-bit server.
So far so good: I use an external DNS server, with some virtual hosts created, all pointing to the right content, but I have some problems:

I couldn’t connect to the FTP server using an active or passive connection with FileZilla, but that’s because I have enabled iptables on my CentOS server, even with the FTP ports TCP and UDP (21 and 20) open.
When I reset the firewall, FTP works, so it is an iptables problem.

My mail server isn’t working; I am trying to connect using Thunderbird.

My server is running on a NAT-ed network, with DMZ enabled, because of FTP server issues: it is not working very well with port forwarding.
On saslauthd I put FLAG=-r

Thank you


So you’re saying that FTP works fine when iptables is disabled?

One thing you may want to try is logging into your server over SSH, and running these commands:

modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
modprobe ip_conntrack_ftp

Those enable some different forms of connection tracking for FTP, which will hopefully help iptables determine which connections are allowed.

As far as connecting to email goes – what error are you getting? And do you see any errors showing up in /var/log/maillog?


Thank you for your reply!

When I do
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
I get "module not found".

Running modprobe ip_conntrack_ftp is OK.
My server has one network interface (connected to the LAN, on a router with DMZ enabled).

Okay, try this instead:

modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

And then see if your FTP works!


This time the command worked without error, but when I try to connect to the FTP server with FileZilla, I get this:

bla bla successfully
Command: PORT 192,168,85,13,213,250
Response: 200 PORT command successful
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing

Problem with the FTP server solved. How?!

Well, my server is behind a NAT router, but it is in the DMZ zone, with iptables enabled before the installation of Virtualmin.
The transfer setting in FileZilla is active mode, but I checked: limit simultaneous connections to 1.
But the disadvantage is, if I try to connect through a NAT network, the connection doesn’t work.
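As an added example (not code from this thread, from Virtualmin or from FileZilla), here is a small Python decoder for the FileZilla log quoted above: it turns the PORT argument into the address and port the server is told to connect back to for the directory listing, and flags a private address, which is what makes active mode fail from behind a NAT network as the last post observes. The function names `parse_port_command` and `analyze_log` are my own, and the sample log lines are constructed from the exchange quoted in the thread.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 -> IPv4 h1.h2.h3.h4, port p1*256+p2.
# FileZilla prefixes the client's commands with "Command:" in its message log.
PORT_RE = re.compile(r"^(?:Command:\s*)?PORT\s+((?:\d{1,3},){5}\d{1,3})\s*$")

def parse_port_command(line):
    """Return (ip, port) for a PORT line, or None if it is not well formed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    fields = [int(x) for x in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        return None
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]

def analyze_log(lines):
    """Explain every PORT command in a FileZilla message log.
    In active mode the server connects back to the PORT address. A private
    (RFC 1918) address is reachable only when the server shares that LAN, as
    in the DMZ case; from elsewhere LIST times out unless the client's NAT
    rewrites PORT (nf_nat_ftp on the router) or the client uses passive mode.
    """
    findings = []
    for line in lines:
        parsed = parse_port_command(line)
        if parsed is None:
            continue
        ip, port = parsed
        private = ipaddress.ip_address(ip).is_private
        verdict = ("private data address: reachable only from the same LAN; "
                   "use passive mode or a client-side FTP ALG through NAT"
                   if private else
                   "routable data address: check the server's outbound rules")
        findings.append({"ip": ip, "port": port, "private": private, "verdict": verdict})
    return findings

# Constructed sample log, copied from the exchange quoted in the thread.
SAMPLE_LOG = [
    "Command: PORT 192,168,85,13,213,250",
    "Response: 200 PORT command successful",
    "Command: LIST",
    "Error: Connection timed out",
]

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"{f['ip']}:{f['port']} private={f['private']} -> {f['verdict']}")
```

Run against the quoted log it reports 192.168.85.13:54778 as a private data address, so the server-side conntrack helper alone cannot make that listing succeed from outside the LAN.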