[luau] Iptables firewall question
Vince Hoang
luau at ml.altern8.net
Thu Jan 9 23:19:01 PST 2003
On Thu, Jan 09, 2003 at 11:41:58PM -0600, Florian Hines wrote:
> I'm running a RH7.3 system (all updates) with wu-ftpd,
> iptables and I used MonMotha's Firewall 2.3.8-pre9 to set the
> script up. I'm allowing the following TCP ports
>
> TCP_ALLOW="20 21 22 25 80 110 443"
To run an FTP server that supports both PASV and PORT mode, you
will have to also allow incoming connections to your ephemeral
port range.
<soapbox>
1) By default, it is a very large range, which increases your risk.
Here is a link on how to minimize your exposure:
http://www.ncftpd.com/ncftpd/doc/misc/ephemeral_ports.html
2) Do NOT use wu-ftpd.
If you have to file share, use http.
If you have to use ftp, run an anonymous only ftp server.
If you have to run non-anonymous, do _NOT_ use wu-ftpd.
</soapbox>
I am biased towards proftpd because it is fully featured, has a
reasonable track record for an ftpd, and I used to work with one
of the maintainers.
> But, when I ftp to the machine and login it times out when it
> tries to "ls" the directory ?
It is probably because your client defaulted to passive mode.
Active mode should work with the current setup.
HTH,
-Vince
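
The timeout described above, as an added example that is not part of the original message: in passive mode the server names its data port in the 227 reply, and that port has to be allowed inbound or the "ls" hangs. The range 50000:50100, the sample replies, and the INPUT chain/state match are assumptions for illustration (the rule is only printed, not applied), and the same range would also have to be configured in the FTP daemon.

```shell
#!/bin/sh
TCP_ALLOW="20 21 22 25 80 110 443"   # from the quoted firewall config
PASV_RANGE="50000:50100"             # hypothetical narrowed passive range

# Extract the data port from a PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)".
# The server listens on p1*256+p2 and waits for the client to connect.
pasv_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$nums" ] || return 1
    p1=$(printf '%s' "$nums" | cut -d, -f5)
    p2=$(printf '%s' "$nums" | cut -d, -f6)
    [ -n "$p1" ] && [ -n "$p2" ] || return 1
    echo $((p1 * 256 + p2))
}

# port_allowed PORT [LO:HI] -> success if PORT is in TCP_ALLOW or in LO:HI.
port_allowed() {
    for p in $TCP_ALLOW; do
        [ "$p" -eq "$1" ] && return 0
    done
    [ -n "$2" ] || return 1
    lo=${2%%:*}; hi=${2##*:}
    [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]
}

# Print (do not apply) a rule that opens only the narrowed range.
pasv_rule() {
    echo "iptables -A INPUT -p tcp --dport $1 -m state --state NEW -j ACCEPT"
}

# Constructed sample replies: one inside the narrowed range, one outside.
for reply in \
    "227 Entering Passive Mode (192,0,2,10,195,149)" \
    "227 Entering Passive Mode (192,0,2,10,128,47)"
do
    port=$(pasv_port "$reply")
    if port_allowed "$port"; then now=ACCEPT; else now=DROP; fi
    if port_allowed "$port" "$PASV_RANGE"; then fixed=ACCEPT; else fixed=DROP; fi
    echo "data port $port: TCP_ALLOW only -> $now, with $PASV_RANGE -> $fixed"
done
pasv_rule "$PASV_RANGE"
```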