Difference between revisions of "Opening the server's FTP port on iptables"

From Dusal Encyclopedia
(New page: Your ftp server needs a channel to transfer data. Port <code>21</code> is used to establish the connection. So to make data transfer possible you'd need to enable port <code>2…)
 
 
Line 24: Line 24:
 
</code></pre>
 
</code></pre>
  
<p>For more on FTP and firewall problems see: <a href="http://slacksite.com/other/ftp.html#active" rel="nofollow">http://slacksite.com/other/ftp.html#active</a>
+
<p>For more on FTP and firewall problems see: http://slacksite.com/other/ftp.html#active
  
 
[[Ангилал:Linux]][[Ангилал:Сисадмин]]
 
[[Ангилал:Linux]][[Ангилал:Сисадмин]]

Current revision as of 21:30, 4 July 2015

Your FTP server needs a channel to transfer data. Port 21 is used to establish the connection, so to make data transfer possible you need to enable port 20 as well. See the following configuration.

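First, load the following module to make sure passive FTP connections are not rejected. It is the connection-tracking FTP helper: it reads the PORT and PASV exchanges on the control connection so that the matching data connections are tracked as RELATED. On kernels 4.7 and later, automatic helper assignment is off by default, so the helper must also be attached to port 21 traffic explicitly.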

<code>modprobe ip_conntrack_ftp
</code>

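Allow FTP control connections on port 21, incoming and outgoing. The INPUT rule must accept NEW packets, otherwise no client can open a session; the server's replies leave with source port 21.

<code># Control channel: clients connect to port 21, the server replies from port 21
iptables -A INPUT  -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT -m comment --comment "Allow ftp connections on port 21"
iptables -A OUTPUT -p tcp -m tcp --sport 21 -m conntrack --ctstate ESTABLISHED -j ACCEPT -m comment --comment "Allow ftp connections on port 21"
</code>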

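Allow FTP port 20 for active connections, incoming and outgoing. In active mode the server opens the data connection from its port 20 to the client, so the RELATED state belongs on the OUTPUT rule.

<code># Active mode: the server connects out from port 20, the client's packets come back to port 20
iptables -A INPUT  -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT -m comment --comment "Allow ftp connections on port 20"
iptables -A OUTPUT -p tcp -m tcp --sport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow ftp connections on port 20"
</code>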

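Finally, allow FTP passive inbound traffic. In passive mode the client opens the data connection to an unprivileged port on the server, so the RELATED state belongs on the INPUT rule.

<code># Passive mode: the client connects in to a high port announced by the server
iptables -A INPUT  -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow passive inbound connections"
iptables -A OUTPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT -m comment --comment "Allow passive inbound connections"
</code>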
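
The rules above only work because the helper module can read the data endpoint from the control channel. The following shell function, an added example that is not part of the original page, decodes that endpoint from a PASV or EPSV reply or a PORT command; the function name and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Decodes the data-channel endpoint
# announced on the FTP control channel, the parsing the conntrack FTP helper
# does in the kernel before it can mark the data connection RELATED.
#
# ftp_data_endpoint LINE [PEER_IP]   (function name is hypothetical)
#   prints "ip:port"; returns 1 if LINE announces no endpoint, 2 if the
#   announced address differs from PEER_IP.
ftp_data_endpoint() {
    line=$1
    peer=${2:-}
    case $line in
        229\ *)  # EPSV reply carries only a port: 229 ... (|||port|)
            port=$(printf '%s\n' "$line" |
                sed -n 's/.*(|||\([0-9]\{1,5\}\)|).*/\1/p')
            [ -n "$port" ] && [ -n "$peer" ] || return 1
            [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
            printf '%s:%s\n' "$peer" "$port"
            return 0 ;;
        227\ *|PORT\ *) ;;   # PASV reply or PORT command: h1,h2,h3,h4,p1,p2
        *) return 1 ;;
    esac
    tuple=$(printf '%s\n' "$line" |
        sed -n 's/.*[^0-9]\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\).*/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple          # split the six decimal fields
    IFS=$old_ifs
    for n in "$@"; do
        [ "$n" -le 255 ] || return 1
    done
    ip="$1.$2.$3.$4"
    printf '%s:%s\n' "$ip" "$(( $5 * 256 + $6 ))"
    # Announced address differs from the control-channel peer: typical of a
    # server behind NAT advertising its private address.
    [ -z "$peer" ] || [ "$ip" = "$peer" ] || return 2
    return 0
}

# Constructed sample lines using documentation addresses, not captured traffic.
ftp_data_endpoint '227 Entering Passive Mode (192,0,2,10,195,80)' 192.0.2.10
ftp_data_endpoint 'PORT 198,51,100,7,4,1' 198.51.100.7
```

When the control channel is encrypted (FTPS), these lines are not visible to the kernel helper, so the RELATED match cannot be relied on.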

For more on FTP and firewall problems see: http://slacksite.com/other/ftp.html#active