Configuring iptables firewall for FTP server (or TFTP server)

Philip A. Prindeville philipp_subx at redfish-solutions.com
Thu Mar 4 04:04:09 UTC 2010


I'm running an FTP server on an FC12 box (using proftpd) and I've also
enabled the iptables firewall.

I've made the following config changes:

Changed /etc/sysconfig/iptables-config to have:

    IPTABLES_MODULES="nf_conntrack_ftp"


Added /etc/modprobe.d/netfilter.conf and put in it:

    options nf_conntrack_ftp ports=21


(you can probably skip this step, as it looks like the defaults for the
module are correct... unless you're doing some funky port forwarding or
virtual hosting and you're running your server on a relocated port #.)

Added to /etc/sysconfig/iptables:

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

via system-config-firewall by checking "FTP".


And then restarted iptables as "service iptables restart".

Seems to work fine, after some quick tests.

Thought I'd save others the trouble of having to troubleshoot the firewall.

Adding TFTP is similar... put nf_conntrack_tftp into the
IPTABLES_MODULES variable, add "options nf_conntrack_tftp ports=69" to
your netfilter.conf file, and select the service "TFTP" in the firewall,
which generates:

    -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
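As an added illustration of the FTP and TFTP setups above (this is not code from the post or from Fedora; it is a sketch I am adding), the script below emits a complete iptables-save ruleset for one of the two services and audits a ruleset for the pieces the conntrack helper depends on. Two points that the post's single ACCEPT line does not show by itself: the helper only buys you anything if the filter table also accepts RELATED,ESTABLISHED traffic (the stock Fedora ruleset has that rule; the post lists only the line it added), and on kernels from 3.5 onward the helper is no longer attached to a connection automatically, so a `-j CT --helper` rule in the raw table is needed where on FC12's 2.6.31 kernel the module option alone sufficed. The module-loading steps from the post (IPTABLES_MODULES and netfilter.conf) still apply; the port number, protocol and helper name are parameters so a relocated port can be handled by changing one argument.

```shell
#!/bin/sh
# Added example, not part of the original post. Generates and audits an
# iptables ruleset for an FTP (tcp/21, helper "ftp") or TFTP (udp/69,
# helper "tftp") server. Assumes the service listens on the port given
# as an argument; the "ports=" module option from the post must agree.

# emit_rules PROTO PORT HELPER
#   PROTO  : tcp (FTP) or udp (TFTP)
#   PORT   : control port the helper should watch
#   HELPER : conntrack helper name, ftp or tftp
# Writes an iptables-restore compatible ruleset to stdout.
# Usage: emit_rules tcp 21 ftp > /etc/sysconfig/iptables
emit_rules() {
    proto=$1; port=$2; helper=$3
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Kernels since 3.5 do not attach helpers automatically; bind it explicitly.
-A PREROUTING -p $proto --dport $port -j CT --helper $helper
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Data connections set up by the helper arrive as RELATED; without this
# rule the helper is tracking connections that the firewall then drops.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# The control channel itself (same form as the line system-config-firewall adds).
-A INPUT -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT
COMMIT
EOF
}

# check_helper_ruleset RULESET PROTO PORT HELPER
# Returns 0 only if the ruleset text carries all three pieces the helper
# needs: the CT binding, the RELATED,ESTABLISHED accept, and the accept
# for new connections on the control port.
check_helper_ruleset() {
    rules=$1; proto=$2; port=$3; helper=$4
    printf '%s\n' "$rules" | grep -q -- "-j CT --helper $helper" &&
    printf '%s\n' "$rules" | grep -q -- "--state RELATED,ESTABLISHED -j ACCEPT" &&
    printf '%s\n' "$rules" | grep -q -- "--state NEW -m $proto -p $proto --dport $port -j ACCEPT"
}
```

Running `check_helper_ruleset "$(cat /etc/sysconfig/iptables)" tcp 21 ftp` against an existing file is a quick way to see whether a ruleset that only has the post's ACCEPT line is missing the RELATED rule or the helper binding.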

Thanks,

-Philip
