macsat.com OpenWrt and ASUS WL Forum
Topic: vsftpd+iptables+passive mode
green
« on: May 08, 2008, 11:57:17 AM »

Hi everybody,
I would like to run vsftpd with passive mode, but FTP is running only with active mode.

My vsftpd.conf:
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
pasv_enable=YES
#pasv_min_port=2000
#pasv_max_port=65534
pasv_address=my external IP
#connect_from_port_20=YES
vsftpd_log_file=/opt/var/log/vsftpd.log
idle_session_timeout=600
data_connection_timeout=120
ftpd_banner=hihi
banner_file=/etc/vsftpd_motd
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/opt/etc/vsftpd.chroot_list
user_config_dir=/opt/etc/vsftpd_user_conf
ls_recurse_enable=YES




This is running with passive mode only when my iptables allows everything in INPUT

and with this it is not running.
#!/bin/sh
iptables -D INPUT -j DROP
iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport auth -j REJECT

#ftp-vsftpd
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
#smtp&pop3
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
#www
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#ssh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT


My iptables -L looks like:

 iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere           state INVALID
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     tcp  --  anywhere             krakonosovo        tcp dpt:www
REJECT     tcp  --  anywhere             anywhere           tcp dpt:auth reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh

Please, where is the bug?
thx
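
An added example, not part of the original post: in passive mode the client opens the data connection to a port vsftpd chooses, and while pasv_min_port/pasv_max_port stay commented out that can be any unprivileged port, which a DROP policy that opens only port 21 does not cover. The script below reads the range from vsftpd.conf and prints matching INPUT rules, refusing when the range is unset; the function names and the 50000-50100 range are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive iptables INPUT rules from vsftpd.conf so the firewall
# and the passive data-port range cannot drift apart.

# conf_get FILE KEY: print the value of the last uncommented KEY=value line.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# is_port VALUE: succeed only for an integer in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# pasv_rules FILE: print the rules (they are not applied here); return 1 when
# the passive range is unset or invalid, i.e. vsftpd would pick any port.
pasv_rules() {
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)
    if ! is_port "$min" || ! is_port "$max" || [ "$min" -gt "$max" ]; then
        echo "passive range unset or invalid in $1" >&2
        return 1
    fi
    echo "iptables -A INPUT -p tcp --dport 21 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $min:$max -j ACCEPT"
}

# Constructed sample config: the post's passive settings with an assumed
# narrow range enabled instead of the commented-out 2000-65534.
demo() {
    f=$(mktemp)
    printf '%s\n' 'pasv_enable=YES' 'pasv_min_port=50000' \
        'pasv_max_port=50100' > "$f"
    pasv_rules "$f"
    rm -f "$f"
}
demo
```

Run the printed rules only after checking them against the existing chain order, since rules appended after a catch-all DROP or REJECT never match.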
 