January 7, 2014

Configure iptables for FTP Server, vsftp

Server Installation

Now the FTP server is ready to use. Let's create a simple text file in the root of the FTP server.

Configure iptables

Existing iptables rules.

First we will add a LOG rule to the INPUT chain of iptables, just before its last rule, which rejects the incoming traffic.

Then we try to list the root of the FTP server. This will fail because we have not opened the FTP port in the firewall, as you will see in the log file.

Now let's open the FTP port in the firewall. We will insert the rule just before the LOG rule.

Now let's try to list the root again, which will still fail. Now look at the log.

You might now wonder why FTP is trying to open port 29736. The reason is that vsftp is using passive ports to communicate. To fix this we need to add FTP filter rules to iptables. The relevant filter rules are found in the kernel module filter directory.

Now add those two filters to iptables.

Now save your new iptables rules and restart iptables.

Finally, list the content of the root of the server again. This time it should work.
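One way to read the log in the two failing steps above, as an added example that is not part of the original post: the function tallies the TCP destination ports that reached the LOG rule, so the blocked control port (21) and the blocked passive port (29736 in the text) stand out. The log prefix `IPT-REJECT: `, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: the LOG rule was created with the hypothetical
# prefix "IPT-REJECT: "; the log lines in sample_log are constructed.
LOG_PREFIX='IPT-REJECT: '

# Constructed kernel log lines in the format written by the iptables LOG target.
sample_log() {
cat <<'EOF'
Jan  7 10:01:12 ftpsrv kernel: IPT-REJECT: IN=eth0 OUT= MAC=52:54:00:00:00:01:52:54:00:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40112 DPT=21 WINDOW=14600 RES=0x00 SYN URGP=0
Jan  7 10:01:15 ftpsrv kernel: IPT-REJECT: IN=eth0 OUT= MAC=52:54:00:00:00:01:52:54:00:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=40112 DPT=21 WINDOW=14600 RES=0x00 SYN URGP=0
Jan  7 10:05:40 ftpsrv kernel: IPT-REJECT: IN=eth0 OUT= MAC=52:54:00:00:00:01:52:54:00:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4890 DF PROTO=TCP SPT=51873 DPT=29736 WINDOW=14600 RES=0x00 SYN URGP=0
Jan  7 10:05:55 ftpsrv kernel: IPT-REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:00:00:03:08:00 SRC=192.0.2.30 DST=192.0.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan  7 10:06:00 ftpsrv kernel: eth0: link up
EOF
}

# Read log lines on stdin; print "port count kind" for every TCP destination
# port that reached the LOG rule with a new connection attempt (SYN, no ACK).
blocked_ports() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) == 0 { next }   # line not written by our LOG rule
        {
            proto = ""; dpt = ""; syn = 0; ack = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^DPT=[0-9]+$/) dpt = substr($i, 5)
                else if ($i == "SYN") syn = 1
                else if ($i == "ACK") ack = 1
            }
            if (proto == "TCP" && dpt != "" && syn && !ack) count[dpt]++
        }
        END {
            for (p in count) {
                if (p + 0 == 21) kind = "ftp-control"
                else if (p + 0 >= 1024) kind = "possible-passive-data"
                else kind = "other"
                printf "%d %d %s\n", p, count[p], kind
            }
        }' | sort -n
}

sample_log | blocked_ports
```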

