Title: vsftpd+iptables+passive mode
Post by: green on May 08, 2008, 11:57:17 AM

Hi everybody,
I would like to run vsftpd with passive mode, but ftp is running only with active mode.

My vsftpd.conf:

    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    pasv_enable=YES
    #pasv_min_port=2000
    #pasv_max_port=65534
    pasv_address=my external IP
    #connect_from_port_20=YES
    vsftpd_log_file=/opt/var/log/vsftpd.log
    idle_session_timeout=600
    data_connection_timeout=120
    ftpd_banner=hihi
    banner_file=/etc/vsftpd_motd
    chroot_local_user=YES
    chroot_list_enable=YES
    chroot_list_file=/opt/etc/vsftpd.chroot_list
    user_config_dir=/opt/etc/vsftpd_user_conf
    ls_recurse_enable=YES

This is running with passive mode only when my iptables allows everything in INPUT, and with this it is not running:

    #!/bin/sh
    iptables -D INPUT -j DROP
    iptables -P INPUT DROP
    iptables -A INPUT -p tcp --dport auth -j REJECT
    #ftp-vsftpd
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    #smtp&pop3
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT
    iptables -A INPUT -p tcp --dport 110 -j ACCEPT
    #www
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    #ssh
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT

My iptables -L looks like:

    iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    DROP       all  --  anywhere             anywhere            state INVALID
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere            state NEW
    ACCEPT     all  --  anywhere             anywhere            state NEW
    ACCEPT     tcp  --  anywhere             krakonosovo         tcp dpt:www
    REJECT     tcp  --  anywhere             anywhere            tcp dpt:auth reject-with icmp-port-unreachable
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Please, where is the bug? Thx
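
An added example, not part of the original post: a small check that compares the passive port range a vsftpd.conf selects with the numeric TCP ports an iptables script accepts on INPUT. The sample inputs are constructed from the post, the 50000-50100 range is an arbitrary illustration, and the check assumes only explicit `--dport` ACCEPT rules count (it ignores RELATED connection tracking and service names).

```python
import re

# Constructed inputs, reduced from the configuration and script in the post.
CONF = "pasv_enable=YES\n#pasv_min_port=2000\n#pasv_max_port=65534\n"
RULES = """iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
"""
# Constructed variant: a pinned range (50000-50100 is an arbitrary choice).
CONF_PINNED = "pasv_enable=YES\npasv_min_port=50000\npasv_max_port=50100\n"
RULES_PINNED = RULES + "iptables -A INPUT -p tcp --dport 50000:50100 -j ACCEPT\n"

def pasv_range(conf):
    """Return (lo, hi, pinned) for passive data ports, or None if disabled."""
    opts = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    if opts.get("pasv_enable", "YES").upper() != "YES":
        return None
    lo = int(opts.get("pasv_min_port", 0))
    hi = int(opts.get("pasv_max_port", 0))
    # vsftpd treats 0 (the default) as "any port"; assume 1024-65535 here.
    return (lo or 1024, hi or 65535, bool(lo and hi))

def accepted_tcp(rules):
    """Collect (lo, hi) numeric TCP dport spans that INPUT rules ACCEPT."""
    spans = []
    for line in rules.splitlines():
        if not all(t in line for t in ("-A INPUT", "-p tcp", "-j ACCEPT")):
            continue
        m = re.search(r"--dport\s+(\d+)(?::(\d+))?", line)
        if m:
            spans.append((int(m.group(1)), int(m.group(2) or m.group(1))))
    return spans

def passive_ports_open(conf, rules):
    """True if a single ACCEPT rule spans the whole passive range."""
    rng = pasv_range(conf)
    if rng is None:
        return True  # passive mode off: no passive data connections to admit
    lo, hi, _ = rng
    return any(a <= lo and hi <= b for a, b in accepted_tcp(rules))

if __name__ == "__main__":
    for name, c, r in (("as posted", CONF, RULES), ("pinned", CONF_PINNED, RULES_PINNED)):
        print(name, pasv_range(c), "open" if passive_ports_open(c, r) else "blocked")
```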