Re: Firewall issues with setting up vsftp server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jeff Kinz wrote:

On Sat, Dec 11, 2004 at 11:07:40AM -0600, Terry Linhardt wrote:


Jeff Kinz wrote:


On Sat, Dec 11, 2004 at 10:17:30AM -0600, Terry Linhardt wrote:


I am attempting to set up an ftp server on an internal network. (All hosts are 192.168.1.*) I am using vsftp, but stumbling over an iptables related issue. Also, this is Fedora Core 3.


Whats the content of your iptables script, (Sanitize any important info
please)



Actually, the iptables are the defaults provided with FC3. I have used the GUI to "open" SSH and FTP. As noted in my original post, my problem disappears if I stop the iptables (/etc/rc.d/init.d/iptables stop)



I never use the GUI tools for iptables. I build iptables setup scripts directly, using templates and macros that allow for some fairly fast and very fine grained control.

What is the contents of your /etc/sysconfig/iptables file?


What is the shape/configuration of your Network?



All machines are attached to a Linksys router within the same building. Some are wireless, but I don't think that is an issue. All machines, including the server, are in the IP range of 192.168.1.X with a 255.255.255.0 netmask. In short, *all* machines at this point are on a private network, on the same LAN.



I am assuming your internal LAN is not a "Hostile" environment. (If this
isn't true, let us know)


Correct, not hostile

Since you don't mention any connection from this LAN to the Internet,
you can just turn off the firewall.

If you have an Internet connection:

If your server has dual NICS, where one NIC is a gateway to the
internet, just turn off the firewalling on the NIC which is connected
to the internal LAN and leave it running on the NIC used for the
external Internet connection.

If you are using the Linksys router as your internet gateway, (And you
actually trust it) turn off the firewall on your server completely.
Since you trust the Linksys router (I wouldn't use personally, for other
reasons), you don't necessarily need the additional firewall on your
server.


Where is the delivery target in relation to your server?



If I understand your question, the physcial relationship is that they are in adjacent rooms.



So both target and source are on the same LAN, and the file transfer
doesn't travel over the internet.


Correct.

I might also add that your comments above about using dual NICS, turning off iptables internally, etc. are all valid. I'll just note that this has become one of those issues in which I want to learn how to solve the problem at hand, even though there are a couple of "work-arounds." Sometimes I am just pragmatic, but I envision a need to solve this problem for a "public" ftp server in the near future.

Terry


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux