On Fri, August 21, 2009 1:54 pm, Matthew Hannigan wrote:
> On Thu, Aug 20, 2009 at 11:03:25AM +1000, Voytek Eymont wrote:

>>>> Hmmmm. Does it have the nf_nat_ftp and nf_conntrack_ftp modules
>>>> loaded, too?
>>
>>> Look in /etc/sysconfig/iptables-config for that.
>> thanks, no modules specified
>>
>> so I should add IPTABLES_MODULES="nf_nat_ftp nf_conntrack_ftp"
>
> yes, I think so, but if you use the gui and tick ftp it will do the
> needful for you.

Matt, thanks

I only have ssh access to it

>>> Bottom line, ftp is a pretty firewall un-friendly protocol.
>>> I'd recommend sftp (i.e. the module/feature of ssh) instead.

>> but, if command line ftp client works with no issues, doesn't that
>> exclude firewall on the server ?

> Maybe. Is the command line client ftp being done from the same
> machine? It also depends on whether it's using passive or not. The
> default might change from gui to cli - and even version to version each
> other.

yes, same machine

coincidentally, I was just browsing through an old 'Firewall' book, where
the 'issues' with FTP are discussed, along the lines that you and others
here have pointed out

--
Voytek

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
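
An added example, not part of the original thread: over ssh, the question of whether the two FTP helper modules named above are loaded or listed in IPTABLES_MODULES can be checked with a short shell function. The function names and the sample file contents are assumptions constructed for this illustration.

```shell
# Print the module names listed in IPTABLES_MODULES in the given config file.
# The last assignment wins, as it would when the file is sourced.
configured_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print the names of loaded modules from a file in /proc/modules format.
# Helpers compiled into the kernel do not appear there.
loaded_modules() {
    awk '{ print $1 }' "$1"
}

# For each FTP helper print "<module> loaded", "configured" or "missing".
# $1 = iptables-config file, $2 = module list file
ftp_helper_status() {
    config=$1
    proc=$2
    for mod in nf_conntrack_ftp nf_nat_ftp; do
        if loaded_modules "$proc" | grep -qx "$mod"; then
            echo "$mod loaded"
        elif configured_modules "$config" | tr ' ' '\n' | grep -qx "$mod"; then
            echo "$mod configured"
        else
            echo "$mod missing"
        fi
    done
}

# Constructed sample input: a config with no modules listed, and a module
# list in which only the connection-tracking helper is loaded.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '# Load additional iptables modules (nat helpers)' \
        'IPTABLES_MODULES=""' > "$dir/iptables-config"
    printf '%s\n' 'nf_conntrack_ftp 12913 0 - Live 0x0000000000000000' \
        'nf_conntrack 79758 1 nf_conntrack_ftp, Live 0x0000000000000000' \
        > "$dir/modules"
    echo "$dir"
}

samples=$(make_samples)
ftp_helper_status "$samples/iptables-config" "$samples/modules"
rm -r "$samples"
```

On the server itself the same check is `ftp_helper_status /etc/sysconfig/iptables-config /proc/modules`.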
