On Sat, Dec 11, 2004 at 11:07:40AM -0600, Terry Linhardt wrote:
> Jeff Kinz wrote:
> >On Sat, Dec 11, 2004 at 10:17:30AM -0600, Terry Linhardt wrote:
> >>I am attempting to set up an ftp server on an internal network. (All
> >>hosts are 192.168.1.*) I am using vsftp, but stumbling over an iptables
> >>related issue. Also, this is Fedora Core 3.
> >
> >What's the content of your iptables script? (Sanitize any important info
> >please)
> >
> Actually, the iptables are the defaults provided with FC3. I have used
> the GUI to "open" SSH and FTP. As noted in my original post, my problem
> disappears if I stop the iptables (/etc/rc.d/init.d/iptables stop)

I never use the GUI tools for iptables. I build iptables setup scripts
directly, using templates and macros that allow for some fairly fast and
very fine-grained control.

What are the contents of your /etc/sysconfig/iptables file?

> >
> >What is the shape/configuration of your Network?
> >
> All machines are attached to a Linksys router within the same building.
> Some are wireless, but I don't think that is an issue. All machines,
> including the server, are in the IP range of 192.168.1.X with a
> 255.255.255.0 netmask. In short, *all* machines at this point are on a
> private network, on the same LAN.

I am assuming your internal LAN is not a "Hostile" environment.
(If this isn't true, let us know)

Since you don't mention any connection from this LAN to the Internet,
you can just turn off the firewall.

If you have an Internet connection:

If your server has dual NICs, where one NIC is a gateway to the
Internet, just turn off the firewalling on the NIC which is connected to
the internal LAN and leave it running on the NIC used for the external
Internet connection.

If you are using the Linksys router as your Internet gateway (and you
actually trust it), turn off the firewall on your server completely.
Since you trust the Linksys router (I wouldn't use personally, for other
reasons), you don't necessarily need the additional firewall on your
server.

> >
> >Where is the delivery target in relation to your server?
> >
> If I understand your question, the physical relationship is that they
> are in adjacent rooms.

So both target and source are on the same LAN, and the file transfer
doesn't travel over the Internet.

-- 
Linux/Open Source: Your infrastructure belongs to you, free, forever.
Idealism: "Realism applied over a longer time period"
http://www.scaled.com/projects/tierone/
<a href=http://kinz.org>Kinz</a>
http://www.fedoratracker.org http://www.fedorafaq.org
http://www.fedoranews.org
Jeff Kinz, Emergent Research, Hudson, MA.
~ ~ ~ ~