Remember that FTP works by first establishing connections at the specified ports (8020 and 8021) and then it negotiates new ports for further transactions. Therefore, you have to accept both ESTABLISHED and RELATED ports in order to get FTP working through a firewall:

iptables -A INPUT -p tcp -i eth0 --dport 8021 -j ACCEPT
iptables -A INPUT -p all -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT

Bryan

-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org] On Behalf Of Jianping Zhu
Sent: Sunday, December 01, 2002 7:52 PM
To: zope@zope.org
Subject: [Zope] iptables rules for zope webserver

I have a Red Hat Linux 7.1 server with a Zope webserver on it. I use iptables as a firewall. Following are the iptables rules for Zope:

#===========================================================
## Zope
iptables -A INPUT -i $IFACE -p tcp --dport 8080 -j ACCEPT

# Allow inbound ftp
iptables -A INPUT -i $IFACE -p tcp --dport 8021 -m state --state \
    NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport 8021 -m state --state \
    ESTABLISHED -j ACCEPT
#=======================================================================

I am trying to use ws_ftp to send files to the Zope server via port 8021 (in ws_ftp session property->advanced I set the remote port to 8021 and checked passive transfers). If I stop iptables, I can connect to Zope via ftp (port 8021) and ftp files to Zope. If iptables is on, it still can connect to Zope but I cannot see the directories in the remote site text field of the ws_ftp window. It seems that it can connect to Zope but cannot display the directories in Zope, and I failed to ftp to the Zope server. Therefore, I believe the above iptables rules for Zope have a problem. How can I fix this problem and let Zope ftp work? Any suggestion will be greatly appreciated.

Jianping
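
Added example, not part of either message: a simplified Python model of iptables state matching that replays one passive-mode directory listing against the rules from the question and the rules from the reply. The default DROP policy, the client and data port numbers, and the `helper_tracks_8021` flag are assumptions; the flag stands for whether the FTP connection-tracking helper (`ip_conntrack_ftp` on 2.4 kernels, which watches port 21 unless given `ports=`) is following the control connection on 8021.

```python
# Simplified model of iptables state matching; all packets are constructed.
from collections import namedtuple

Rule = namedtuple("Rule", "chain dport sport states")  # None matches anything
Pkt = namedtuple("Pkt", "chain dport sport state note")

# Rules from the question: everything is tied to port 8021.
ORIGINAL = [
    Rule("INPUT", 8021, None, {"NEW", "ESTABLISHED"}),
    Rule("OUTPUT", None, 8021, {"ESTABLISHED"}),
]
# Rules from the reply: port 8021 plus ESTABLISHED,RELATED both ways.
REPLY = [
    Rule("INPUT", 8021, None, None),
    Rule("INPUT", None, None, {"ESTABLISHED", "RELATED"}),
    Rule("OUTPUT", None, None, {"ESTABLISHED", "RELATED"}),
]

def passive_session(data_port, helper_tracks_8021):
    """Packets of one passive-mode listing, as seen by the server firewall."""
    # Assumption: the data connection is RELATED only when the FTP conntrack
    # helper watched the control port and parsed the PASV reply; else NEW.
    data_state = "RELATED" if helper_tracks_8021 else "NEW"
    return [
        Pkt("INPUT", 8021, 40000, "NEW", "control SYN"),
        Pkt("OUTPUT", 40000, 8021, "ESTABLISHED", "control reply"),
        Pkt("INPUT", data_port, 40001, data_state, "data SYN"),
        Pkt("OUTPUT", 40001, data_port, "ESTABLISHED", "data reply"),
    ]

def accepted(rules, pkt):
    """First matching rule accepts; assumed default policy is DROP."""
    return any(r.chain == pkt.chain
               and r.dport in (None, pkt.dport)
               and r.sport in (None, pkt.sport)
               and (r.states is None or pkt.state in r.states)
               for r in rules)

def dropped(rules, data_port=50123, helper_tracks_8021=True):
    """Notes of the packets the rule set drops (each judged on its own)."""
    return [p.note for p in passive_session(data_port, helper_tracks_8021)
            if not accepted(rules, p)]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reply", REPLY)):
        for helper in (True, False):
            print(name, "helper" if helper else "no helper",
                  dropped(rules, helper_tracks_8021=helper))
```

The question's rules pass the control connection and drop the data connection, which matches the symptom of logging in but seeing no directory listing; the reply's rules pass everything only when the data connection is classified as RELATED.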