Thank you for your advice. After I opened port 8022 the problem is still there: ws_ftp can connect to zope, but the directories in zope cannot be seen in the ws_ftp window. I checked the iptables rules for regular ftp in my iptables.rules. There are several lines as follows (these rules were set up by the previous administrator, and he has left):

-------------------------------------------------------------------------
# Passive inbound and outbound FTP
iptables -A INPUT -i $IFACE -p tcp --sport $UP_PORTS --dport $UP_PORTS \
    -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport $UP_PORTS --dport $UP_PORTS \
    -m state --state ESTABLISHED,RELATED -j ACCEPT
------------------------------------------------------------------------

I did some experiments with this. The interesting thing is that if I comment out these rules, regular ftp can access my linux server but the directories in my linux server cannot be seen. My guess is that maybe I need some lines like that for zope ftp to let passive transfer mode work, but I do not know how to do it. Any further suggestions will be appreciated.

Jianping

On Mon, 2 Dec 2002, Jeff Sacksteder wrote:
You need to allow ports 8021 and 8022.

iptables -A INPUT -i $IFACE -p tcp --dport 8021 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport 8021 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp --dport 8022 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport 8022 -m state --state ESTABLISHED -j ACCEPT
You might also consider writing them like this; I think it's easier to see what is happening.

iptables -A OUTPUT -o $IFACE -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp --dport 8021 -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp --dport 8022 -j ACCEPT
Date: Sun, 1 Dec 2002 22:49:12 -0500 (EST)
From: Jianping Zhu <zjp@arches.uga.edu>
To: redhat-list@redhat.com
Cc: zjp@arches.uga.edu
Subject: iptables rules for zope webserver
I have a redhat linux 7.1 server with a zope webserver on it. I use iptables as the firewall. The following are the iptables rules for zope:
#=======================================================================
## Zope
iptables -A INPUT -i $IFACE -p tcp --dport 8080 -j ACCEPT

# Allow inbound ftp
iptables -A INPUT -i $IFACE -p tcp --dport 8021 -m state --state \
    NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport 8021 -m state --state \
    ESTABLISHED -j ACCEPT
#=======================================================================
I am trying to use ws_ftp to send files to the zope server via port 8021 (in ws_ftp session property->advanced I set the remote port to 8021 and checked passive transfers). If I stop iptables, I can connect to zope via ftp (port 8021) and ftp files to zope. If iptables is on, it still can connect to zope but I cannot see the directories in the remote site text field of the ws_ftp window. It seems that it can connect to zope but cannot display the directories in zope, and I failed to ftp to the zope server.
Therefore, I believe the above iptables rules for zope have a problem. How can I fix this problem and let zope ftp work? Any suggestion will be greatly appreciated.
Jianping
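
Added example, not part of the original thread: the RELATED match in the passive FTP rules quoted above only fires when the kernel's FTP connection-tracking helper is watching the control port, and that helper watches port 21 unless told otherwise. The function below prints (it does not apply) a rule set for a non-standard control port such as 8021. The interface name eth0, the 1024:65535 value for $UP_PORTS, and the helper module name are assumptions, since the thread does not state them.

```sh
#!/bin/sh
# Added example (not from the thread). Prints the rule set for passive FTP to
# a server on a non-standard control port; nothing is applied to the firewall.
# Assumptions: eth0, the 1024:65535 range for $UP_PORTS, and the helper
# module name are not stated anywhere in the thread.

# Usage: zope_ftp_rules CTRL_PORT [IFACE] [UP_PORTS] [HELPER_MODULE]
zope_ftp_rules() {
    ctrl=$1
    iface=${2:-eth0}
    up=${3:-1024:65535}
    helper=${4:-ip_conntrack_ftp}   # 2.4 kernels; later kernels: nf_conntrack_ftp

    # Refuse anything that is not a valid TCP port number.
    case $ctrl in
        ''|*[!0-9]*|??????*) echo "invalid control port: $ctrl" >&2; return 1 ;;
    esac
    if [ "$ctrl" -lt 1 ] || [ "$ctrl" -gt 65535 ]; then
        echo "control port out of range: $ctrl" >&2; return 1
    fi

    cat <<EOF
# The FTP helper parses the server's "227 Entering Passive Mode" reply and
# registers the announced data port as an expected connection. By default it
# only watches port 21, so control traffic on $ctrl yields no RELATED state.
modprobe $helper ports=21,$ctrl

# Control channel
iptables -A INPUT  -i $iface -p tcp --dport $ctrl -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $iface -p tcp --sport $ctrl -m state --state ESTABLISHED -j ACCEPT

# Passive data channel: the first packet to the announced port is RELATED
iptables -A INPUT  -i $iface -p tcp --sport $up --dport $up -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $iface -p tcp --sport $up --dport $up -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print the rules for the Zope FTP port from the thread.
zope_ftp_rules 8021
```

On current kernels, where helpers are no longer assigned to connections automatically, the helper also has to be attached explicitly with a raw-table `-j CT --helper ftp` rule for the control port.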