| View previous topic :: View next topic |
| Author |
Message |
c00l.wave
Tux's lil' helper
Joined: 24 Aug 2003
Posts: 114
|
 Posted: Thu Jun 26, 2008 7:25 am Post subject: [solved] iptables helper ftp on alternative port not working |
 |
|
man iptables says:
| Quote: |
helper
This module matches packets related to a specific conntrack-helper.
--helper string
Matches packets related to the specified conntrack-helper.
string can be "ftp" for packets related to a ftp-session on default port. For other
ports append -portnr to the value, ie. "ftp-2121".
Same rules apply for other conntrack-helpers.
|
However, if I setup PureFTPd to a port other than 21 that helper rule doesn't work:
| Code: |
/sbin/iptables -A INPUT -p tcp --dport 1234 -j ACCEPT
/sbin/iptables -A INPUT -m helper --helper ftp-1234 -j ACCEPT
|
All other ports (except for other public services) are closed. I get a client connection to the FTP server but on passive mode the connection locks up. It works well with the standard port though. I get no log output nor error message, the rule shows up on iptables -L:
| Code: |
ACCEPT all -- anywhere anywhere helper match "ftp-1234"
|
Is there anything I missed?
_________________
nohup nice -n -20 cp /dev/urandom /dev/null &
Last edited by c00l.wave on Wed Jul 02, 2008 5:34 am; edited 1 time in total |
|
| Back to top |
|
 |
sp7xfq
n00b
Joined: 28 Dec 2005
Posts: 60
Location: Poland, Kielce
|
| Posted: Wed Jul 02, 2008 1:46 am Post subject: |
|
|
instead of using the helper module try change ip_conntact_ftp module parameters | Code: |
modprobe -r ip_conntrack_ftp
modprobe ip_conntrack_ftp ports=1234 |
_________________
Andrzej Sobczyk
Feel free to correct my English |
|
| Back to top |
|
|
c00l.wave
Tux's lil' helper
Joined: 24 Aug 2003
Posts: 114
|
| Posted: Wed Jul 02, 2008 5:34 am Post subject: |
|
|
Wow, that did it! 
Thanks a lot!
_________________
nohup nice -n -20 cp /dev/urandom /dev/null & |
|
| Back to top |
|
|
|
Networking & Security
