[VPS] Iptables and Pure-FTPD doesn't work
Posted by Biggie0344, 05-13-2014, 10:26 AM |
Hello WHT,
I am trying to configure iptables to work with Pure-FTPd.
It doesn't work with iptables enabled (when I stop iptables, everything works).
I am using CentOS 6 with cPanel / WHM.
I tried to do this:
iptables -I INPUT -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -p tcp --dport 20 -j ACCEPT
Here is my output of: iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
cP-Firewall-1-INPUT all -- anywhere anywhere
acctboth all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
cP-Firewall-1-INPUT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
acctboth all -- anywhere anywhere
Chain acctboth (2 references)
target prot opt source destination
Chain cP-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:tpcsrvr
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:infowave
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:tsrmagt
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:26
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:gnunet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:eli
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nbx-ser
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:urd
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nbx-dir
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:radsec
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
What am I doing wrong?
Thanks in advance
|
Posted by sysc, 05-13-2014, 12:32 PM |
You also need to allow a port range for "passive" connections.
iptables -I INPUT -p tcp --dport 30000:50000 -j ACCEPT
iptables -I INPUT -p udp --dport 30000:50000 -j ACCEPT
iptables -I INPUT -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -p udp --dport 21 -j ACCEPT
|
Posted by Biggie0344, 05-13-2014, 12:48 PM |
Unfortunately I get the following:
The data connection could not be established: ECONNREFUSED - Connection refused by server
FileZilla connects to the / folder, but if I want to go to a subfolder I get the error.
What could it be?
|
Posted by sysc, 05-13-2014, 12:53 PM |
Did you uncomment the passive port directive in the config?
|
Posted by Biggie0344, 05-13-2014, 01:09 PM |
Oh, I forgot that. LIFESAVER.
Thank you so much!
|
Posted by sysc, 05-13-2014, 01:11 PM |
No problem
|
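The thread ended up needing two things at once: the passive port directive enabled in the Pure-FTPd config, and the same range accepted by iptables ahead of the final REJECT. The script below is an added example, not code from the thread, that checks both; the thread does not name the directive (`PassivePortRange` is Pure-FTPd's), the sample config lines and `iptables-save` rules are constructed, and only TCP is checked because FTP control and data connections are TCP.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are passed as text so it runs offline.

# Constructed sample inputs.
CONF_COMMENTED='# PassivePortRange          30000 50000'
CONF_ENABLED='PassivePortRange          30000 50000'
RULES='-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 30000:50000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Print "LOW HIGH" from an uncommented PassivePortRange line; fail if none is active.
passive_range_from_conf() {
    awk '$1 == "PassivePortRange" && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
             print $2, $3; found = 1; exit }
         END { exit (found ? 0 : 1) }'
}

# Read iptables-save rules on stdin; succeed if a tcp ACCEPT rule in INPUT covers
# ports $1..$2 and appears before the first unconditional REJECT/DROP.
# Simplification: user-defined chains jumped to from INPUT are not followed.
range_allowed() {
    awk -v lo="$1" -v hi="$2" '
        $1 != "-A" || $2 != "INPUT" { next }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }
        /-p tcp / && /-j ACCEPT/ {
            for (i = 3; i < NF; i++) if ($i == "--dport") {
                n = split($(i + 1), r, ":"); if (n == 1) r[2] = r[1]
                if (r[1] + 0 <= lo + 0 && r[2] + 0 >= hi + 0) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }'
}

# $1 = pure-ftpd.conf contents, $2 = iptables-save output.
check_ftp_passive() {
    range=$(printf '%s\n' "$1" | passive_range_from_conf) ||
        { echo "FAIL: PassivePortRange is commented out or missing"; return 1; }
    lo=${range% *}; hi=${range#* }
    printf '%s\n' "$2" | range_allowed "$lo" "$hi" ||
        { echo "FAIL: tcp $lo:$hi is not accepted ahead of the final REJECT"; return 2; }
    echo "OK: passive range $lo:$hi is enabled and open"
}

check_ftp_passive "$CONF_COMMENTED" "$RULES" || true   # the state before the fix
check_ftp_passive "$CONF_ENABLED" "$RULES" || true     # the state after the fix
```

On a live host the call would be `check_ftp_passive "$(cat /etc/pure-ftpd.conf)" "$(iptables-save)"`, where the config path is an assumption about the install.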