FTP for firewalled users... - Printable Version

FTP for firewalled users... - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Usage (/forum-34.html)
+--- Thread: FTP for firewalled users... (/thread-5167.html)

FTP for firewalled users... - seba22 - 12-16-2008 11:48 PM

Hi,

I have problem, i want to enable PSV mode for FTP.

I assign in proftpd config files passive port range.

Nex on my web gateway i put this lines:

Quote:iptables -A INPUT -p tcp -s 0/0 --sport 59500:59600 -d xxx58 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s xxx17.158 --sport 21 -d 0/0 --dport 59500:59600 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 59500:59600 -d xxx158 --dport 59500:59600 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -s xxx7.158 --sport 59500:59600 -d 0/0 --dport 59500:59600 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s xxx.158 --sport 20 -d 0/0 --dport 59500:59600 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 59500:59600 -d xxx7.158 --dport 20 -m state --state ESTABLISHED -j ACCEPT

The problem, not working...

The question is, does ispcontrol use iptables ?
Does i need to enable this range on webserver based on ispcontrol ?
I'm asking for default installation. On debian 4.0 etch and ispcontrol newest build.

RE: FTP for firewalled users... - BeNe - 12-17-2008 05:54 PM

Quote:The question is, does ispcontrol use iptables ?

Yes! They come with the ispcp_network script (/etc/init.d/ispcp_network)

Code:

Chain ISPCP_INPUT (1 references)

target     prot opt source               destination

           tcp  --  anywhere             anywhere            tcp dpt:imaps

           tcp  --  anywhere             anywhere            tcp dpt:pop3s

           tcp  --  anywhere             anywhere            tcp dpt:submission

           tcp  --  anywhere             anywhere            tcp dpt:smtp

           tcp  --  anywhere             anywhere            tcp dpt:imap2

           tcp  --  anywhere             anywhere            tcp dpt:pop3

           tcp  --  anywhere             anywhere            tcp dpt:https

           tcp  --  anywhere             anywhere            tcp dpt:www

RETURN     0    --  anywhere             anywhere

Chain ISPCP_OUTPUT (1 references)

target     prot opt source               destination

           tcp  --  anywhere             anywhere            tcp spt:imaps

           tcp  --  anywhere             anywhere            tcp spt:pop3s

           tcp  --  anywhere             anywhere            tcp spt:submission

           tcp  --  anywhere             anywhere            tcp spt:smtp

           tcp  --  anywhere             anywhere            tcp spt:imap2

           tcp  --  anywhere             anywhere            tcp spt:pop3

           tcp  --  anywhere             anywhere            tcp spt:https

           tcp  --  anywhere             anywhere            tcp spt:www

RETURN     0    --  anywhere             anywhere

Quote:Does i need to enable this range on webserver based on ispcontrol ?

The Ports must be open on this Server where your proftpd is running.
Per default the should be open. ispCP use the iptables only for Traffic logging in the ports.

Greez BeNe