vsftpd and iptables problem
Luca Ferrari
fluca1978 at infinito.it
Thu Apr 12 12:20:53 UTC 2007
Hi all,
I've got a few problems with an Ubuntu machine and vsftpd. The first problem
is about vsftpd itself: I don't want to accept anonymous ftp, thus my
vsftpd.conf file contains the following:

    anonymous_enable=NO

It works, but when users connect to my ftp server using, for instance, a web
browser and point it to ftp://user@ftpserver, after that the browser seems to
be redirected to ftp://ftpserver (even if the user has logged in) and thus a
message prompts the user saying anonymous login is disabled. Does anyone know
how to fix it?
The second problem is about the iptables itself. I've placed the following
rules in my configuration script ($UNIVERSE is 0.0.0.0 and EXT_IP is the
external ip of my server, the default policy is to drop):

    $IPTABLES_CMD -A INPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED \
        -s $UNIVERSE -d $EXT_IP --dport ftp -j ACCEPT
    $IPTABLES_CMD -A INPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED \
        -s $UNIVERSE -d $EXT_IP --dport ftp-data -j ACCEPT

and in fact I can connect to my server, it asks me for the password and then
keeps me waiting without opening the connection. I guess it's a problem of the
port selected for ftp-ing, thus I added the following rule:

    $IPTABLES_CMD -A INPUT -p tcp -m state --state ESTABLISHED,RELATED \
        -s $UNIVERSE -d $EXT_IP --dport 1024: -j ACCEPT

and it works, but I'm not sure if this is secure and correct. Can anybody tell
me if there's another solution?
Thanks,
Luca
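
Added example, not part of the original post: one way to narrow the --dport 1024: rule, assuming clients use passive mode, is to pin vsftpd's passive data ports to a small range and accept only that range. The address 192.0.2.10 and the range 50000-50100 are constructed placeholders, and the script only prints the commands unless IPTABLES_CMD is set to iptables.

```shell
#!/bin/sh
# Added example: dry-run generator for a narrower FTP rule set.
# Assumptions (not from the original post): passive-mode clients, the
# constructed address 192.0.2.10 and the port range 50000-50100.

EXT_IP="${EXT_IP:-192.0.2.10}"      # constructed documentation address
PASV_MIN="${PASV_MIN:-50000}"       # assumed passive range, lower bound
PASV_MAX="${PASV_MAX:-50100}"       # assumed passive range, upper bound
# Default to printing the commands; set IPTABLES_CMD=iptables to apply them.
IPTABLES_CMD="${IPTABLES_CMD:-echo iptables}"

# Lines for vsftpd.conf that pin the passive data ports to the same range.
vsftpd_pasv_conf() {
    echo "pasv_enable=YES"
    echo "pasv_min_port=$PASV_MIN"
    echo "pasv_max_port=$PASV_MAX"
}

# Reject a range that is empty, non-numeric or reaches below port 1024.
valid_range() {
    for p in "$PASV_MIN" "$PASV_MAX"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$PASV_MIN" -ge 1024 ] && [ "$PASV_MAX" -le 65535 ] &&
        [ "$PASV_MIN" -le "$PASV_MAX" ]
}

# Control channel on port 21, data channel only on the pinned range.
ftp_rules() {
    valid_range || { echo "invalid passive range" >&2; return 1; }
    $IPTABLES_CMD -A INPUT -p tcp -d "$EXT_IP" --dport 21 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPTABLES_CMD -A INPUT -p tcp -d "$EXT_IP" \
        --dport "$PASV_MIN:$PASV_MAX" \
        -m state --state NEW,ESTABLISHED -j ACCEPT
}

vsftpd_pasv_conf
ftp_rules
```

With the default policy set to drop, every other port above 1024 stays closed, and the two printed rule lines can be compared against the existing script before anything is applied.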