Jeff Kinz wrote:
On Sat, Dec 11, 2004 at 11:07:40AM -0600, Terry Linhardt wrote:
Jeff Kinz wrote:
On Sat, Dec 11, 2004 at 10:17:30AM -0600, Terry Linhardt wrote:
I am attempting to set up an ftp server on an internal network. (All hosts are 192.168.1.*) I am using vsftp, but stumbling over an iptables related issue. Also, this is Fedora Core 3.
What's the content of your iptables script? (Sanitize any important info, please.)
Actually, the iptables are the defaults provided with FC3. I have used the GUI to "open" SSH and FTP. As noted in my original post, my problem disappears if I stop the iptables (/etc/rc.d/init.d/iptables stop).
I never use the GUI tools for iptables. I build iptables setup scripts directly, using templates and macros that allow for some fairly fast and very fine grained control.
What is the contents of your /etc/sysconfig/iptables file?
What is the shape/configuration of your Network?
All machines are attached to a Linksys router within the same building. Some are wireless, but I don't think that is an issue. All machines, including the server, are in the IP range of 192.168.1.X with a 255.255.255.0 netmask. In short, *all* machines at this point are on a private network, on the same LAN.
I am assuming your internal LAN is not a "Hostile" environment. (If this
isn't true, let us know)
Correct, not hostile.
Since you don't mention any connection from this LAN to the Internet, you can just turn off the firewall.
If you have an Internet connection:
If your server has dual NICS, where one NIC is a gateway to the internet, just turn off the firewalling on the NIC which is connected to the internal LAN and leave it running on the NIC used for the external Internet connection.
If you are using the Linksys router as your internet gateway, (And you
actually trust it) turn off the firewall on your server completely.
Since you trust the Linksys router (I wouldn't use it personally, for other
reasons), you don't necessarily need the additional firewall on your
server.
Where is the delivery target in relation to your server?
If I understand your question, the physical relationship is that they are in adjacent rooms.
So both target and source are on the same LAN, and the file transfer
doesn't travel over the internet.
Correct.
I might also add that your comments above about using dual NICS, turning off iptables internally, etc. are all valid. I'll just note that this has become one of those issues in which I want to learn how to solve the problem at hand, even though there are a couple of "work-arounds." Sometimes I am just pragmatic, but I envision a need to solve this problem for a "public" ftp server in the near future.
Terry