http://mediawiki.ceinge.unina.it/index.php?action=history&feed=atom&title=biolocal%3AOpen_firewall_for_proftpdbiolocal:Open firewall for proftpd - Revision history2026-04-08T17:14:40ZRevision history for this page on the wikiMediaWiki 1.10.0http://mediawiki.ceinge.unina.it/index.php?title=biolocal:Open_firewall_for_proftpd&diff=1209&oldid=prevGianluca: Bioinfolocal:open firewall for proftpd moved to biolocal:Open firewall for proftpd: moving to the right namespace2008-02-18T10:53:35Z<p><a href="/index.php/Bioinfolocal:open_firewall_for_proftpd" title="Bioinfolocal:open firewall for proftpd">Bioinfolocal:open firewall for proftpd</a> moved to <a href="/index.php/biolocal:Open_firewall_for_proftpd" title="biolocal:Open firewall for proftpd">biolocal:Open firewall for proftpd</a>: moving to the right namespace</p>
<table border='0' width='98%' cellpadding='0' cellspacing='4' style="background-color: white;">
<tr>
<td colspan='2' width='50%' align='center' style="background-color: white;">←Older revision</td>
<td colspan='2' width='50%' align='center' style="background-color: white;">Revision as of 10:53, 18 February 2008</td>
</tr>
</table>Gianlucahttp://mediawiki.ceinge.unina.it/index.php?title=biolocal:Open_firewall_for_proftpd&diff=1096&oldid=prevGianluca: New page: First of all restrict the data transfer in a defined range of ports, on the ftp server: Edit the file proftpd.conf and add or modify the following line: <pre> PassivePorts 49152 65534 # 4...2007-10-04T09:27:42Z<p>New page: First of all restrict the data transfer in a defined range of ports, on the ftp server: Edit the file proftpd.conf and add or modify the following line: <pre> PassivePorts 49152 65534 # 4...</p>
<p><b>New page</b></p><div>First of all restrict the data transfer in a defined range of ports, on the ftp server:<br />
<br />
Edit the file proftpd.conf and add or modify the following line:<br />
<pre><br />
PassivePorts 49152 65534 # 49152-65534, the IANA-registered ephemeral port range<br />
</pre><br />
<br />
<br />
Now the iptables configuration file should be edited to allow connection on the above port range. Edit /etc/sysconfig/iptables:<br />
<br />
<pre><br />
[root@bpd etc]# cat sysconfig/iptables<br />
# Firewall configuration written by system-config-securitylevel<br />
# Manual customization of this file is not recommended.<br />
*filter<br />
:INPUT ACCEPT [0:0]<br />
:FORWARD ACCEPT [0:0]<br />
:OUTPUT ACCEPT [0:0]<br />
:RH-Firewall-1-INPUT - [0:0]<br />
-A INPUT -j RH-Firewall-1-INPUT<br />
-A FORWARD -j RH-Firewall-1-INPUT<br />
-A RH-Firewall-1-INPUT -i lo -j ACCEPT<br />
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT<br />
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT<br />
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT<br />
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT<br />
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT<br />
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT<br />
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT<br />
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 49152:65534 -j ACCEPT <<== Allow the tranfer on a port range<br />
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT<br />
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT <<== Allow the connection on port 21<br />
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited<br />
COMMIT<br />
</pre></div>Gianluca